0

After trying to run the app on the iOS9 simulator i've faced the following nasty warning

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

After googling for solutions i've found one. Opening your project's .plist file as a Source code and adding those lines:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

Cleaned the build, ran - and saw similar warning.
Afterwards, I've tried a variety of other approaches listed here How do I load an HTTP URL with App Transport Security enabled in iOS 9?

None worked.

I tried allowing all domains even though it's a rejection-risk approach.

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

it also didn't work. Seems like Xcode 7.0.1 is overriding this configuration no matter how i edit the plist file.

Looking forward to any advices on the subject.

Community
  • 1
  • 1
David Robertson
  • 1,561
  • 4
  • 19
  • 41
  • 1
    Do not edit the plist file directly. Indeed Xcode could rewrite it. Use the `Info` tab (next to `Resource Tags`) in Xcode to create the new content in "Custom Application Target Properties". – Eric Aya Oct 26 '15 at 15:29
  • "None worked" They _do_ work. You should assume that _you_ are the one not doing it properly. – matt Oct 26 '15 at 15:32
  • I don't think you should set both the NSExceptionAllowsInsecureHTTPLoads and the NSExceptionRequiresForwardSecrecy keys at the same time. Try just NSExceptionAllowsInsecureHTTPLoads. – Glenn Howes Oct 26 '15 at 15:35
  • @matt ok, i edit the plist file as source code, copy paste the solutions with my domain, re-open it as property list - everything works, i can see correct property types and boolean values at the very end of the plist. Unfortunately, when i run it - those rules just don't apply. what is more to it? – David Robertson Oct 26 '15 at 15:38
  • @GlennHowes tried it, same result (( – David Robertson Oct 26 '15 at 15:38
  • @EricD. tried, it didn't work... totally confused – David Robertson Oct 26 '15 at 15:50

1 Answers1

1

The domain name your are calling has which security version layer?

Apple default settings is 1.2 TLS. Your API may be on 1.1 or 1.0 security. Try to set the NSExceptionMinimumTLSVersion. Just edit the dictionary in info.plist in which you mentioned your domain name. Here is an example for TLS version 1.0 security.

<key>mydomain.com</key>
        <dict>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
Rajan Maheshwari
  • 14,465
  • 6
  • 64
  • 98