2

Hey, I'm getting this error:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

This happens when trying to fetch an image from the web. I know this has to do with the iOS 9 App Transport Security, but the thing is that in my plist I have Allow Arbitrary Loads set to true.

More than that, I really can't find any more solutions for this problem.

Does anyone have any ideas?


YYfim
  • Can you add a screenshot of the .plist entry? Just to be sure? – NSNoob Jan 22 '16 at 15:23
  • Yeah sure one sec @NSNoob – YYfim Jan 22 '16 at 15:23
  • Have you seen this post http://stackoverflow.com/a/31254874/3096087 ? – Niko Jan 22 '16 at 15:26
  • @Niko yeah, I've seen it, and I have Allow Arbitrary Loads set to true, like I said in the question. – YYfim Jan 22 '16 at 15:27
  • Make sure that the image is not on a server within the "Exception Domains" – Daniel Jan 22 '16 at 15:28
  • @simpleBob thanks, that solved the warning. Why is that happening? And when I get to production and will need to remove Allow Arbitrary Loads, then I can add the "exception domains"? – YYfim Jan 22 '16 at 15:33
  • @YuviGr See my answer. When you go to production, you probably want to set `NSAllowsArbitraryLoads` to NO, and allow arbitrary loads only for specific domains. There are more configuration possibilities if you don't want to allow arbitrary loads but, for example, want to allow an old TLS version – Daniel Jan 22 '16 at 16:16

1 Answer

2

In Exception Domains you define the security for specific domains. In this dictionary you can override what is defined with NSAllowsArbitraryLoads, for example with:

NSAppTransportSecurity
    NSAllowsArbitraryLoads = YES
    NSExceptionDomains
        "unsecure-server-i-control.example.com"
            NSExceptionAllowsInsecureHTTPLoads = NO

Arbitrary loads are allowed in general, but specifically for unsecure-server-i-control.example.com they are not allowed.

For more information see NSAppTransportSecurity in Apple docs

Daniel
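
The precedence described in this answer, as an added example that is not part of the original post: a Python check that parses an Info.plist and reports whether an http:// load to a given host would be permitted, plus the settings to review before a production release. The plist content and the cdn.example.org entry are constructed, and the subdomain matching is a simplified model (the nearest listed parent with NSIncludesSubdomains applies); other ATS keys are ignored.

```python
import plistlib

# Constructed Info.plist mirroring the answer, plus one made-up cleartext exception.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>unsecure-server-i-control.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><false/>
      </dict>
      <key>cdn.example.org</key><dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

def cleartext_allowed(info, host):
    """Return (allowed, reason) for an http:// load to host."""
    ats = info.get("NSAppTransportSecurity", {})
    domains = {k.lower(): v for k, v in ats.get("NSExceptionDomains", {}).items()}
    labels = host.lower().rstrip(".").split(".")
    # Try the host itself, then each parent domain (assumed matching order).
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        entry = domains.get(name)
        if entry is None or (i > 0 and not entry.get("NSIncludesSubdomains", False)):
            continue
        # A listed domain ignores NSAllowsArbitraryLoads; a missing key means NO.
        allowed = bool(entry.get("NSExceptionAllowsInsecureHTTPLoads", False))
        return allowed, "exception:" + name
    return bool(ats.get("NSAllowsArbitraryLoads", False)), "global"

def audit(info):
    """List ATS settings worth reviewing before a production release."""
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads", False):
        findings.append("NSAllowsArbitraryLoads is YES: ATS is off for every unlisted domain")
    for name, entry in ats.get("NSExceptionDomains", {}).items():
        if entry.get("NSExceptionAllowsInsecureHTTPLoads", False):
            findings.append("cleartext HTTP allowed for " + name)
    return findings

INFO = plistlib.loads(SAMPLE_PLIST)
```

A listed domain with no NSExceptionAllowsInsecureHTTPLoads key is treated as NO, which is the situation in the question: the image host was inside Exception Domains, so the global Allow Arbitrary Loads setting did not apply to it.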