3

I'm trying to access my Python CGI script running on an instance in Amazon EC2 though a POST request but even though I have changed my Info.plist file to allow arbitrary loads it shows:

error

Here's where I make the POST request:

let manager = AFHTTPRequestOperationManager()
        let URL = "http://ec2-XX-XX.compute-1.amazonaws.com/cgi-bin/hellopy2.py"
        let params = ["userToken": "XXXXXXXXXXX"]

        manager.POST(URL, parameters: params, success: { (operation, responseObject) -> Void in

Here is my info.plist file:

Info.plist

rmaddy
  • 314,917
  • 42
  • 532
  • 579
David
  • 101
  • 2
  • 4

2 Answers2

1

Make sure you have the right Info.plist file

First, make sure that the Info.plist that you put those settings in is the one your project is using. You can verify this by going into your project settings and searching for Info.plist. Make sure that the Info.plist file where you set those values is the one for the build target you are building.

Example of Info.plist settings

You can also verify after the fact if you build your project to an IPA. Unzip the IPA, and in the folder that is unzipped, you should see an Info.plist file. Verify that your ATS settings are in that file to make sure the running app should use those exceptions.

Get the settings correct / consistent

Once you've verified this, you should clean up your settings. You use the global flag for allowing any insecure traffic. That will work for now, but after the end of 2016, you won't be able to submit to the store without providing Apple a justification and facing possible rejection. I would recommend not using it at this point, unless this is an app that won't be distributed through the app store (e.g. an enterprise app). If you do choose to use this flag, remove the exception domains, as they are unneeded (you are basically saying all domains are exceptions and allow http).

If you want to do it correctly, by only allowing insecure connections to amazonaws, your settings should simply look like this:

Cleaned up App Transport Security Settings without extra entries

If you have those settings, and your Info.plist configuration is correct, you should be able to access any amazonaws.com subdomains without https.

wottle
  • 13,095
  • 4
  • 27
  • 68
-1

"http://" is not part of the domain name.

Remove the "http://" from the domain name in your Info.plist file.

*You don't need to set the global "Allow Arbitrary Loads" key to "Yes" for this to work.

Swifty
  • 3,730
  • 1
  • 18
  • 23
  • @DavidFernandez Do you get the error if you delete Exception Domains all together and only set Allow Arbitrary Loads to YES ? – Swifty Oct 05 '16 at 17:03
  • @DavidFernandez Have you tried deleting the app from the simulator and trying again? – Swifty Oct 05 '16 at 17:11
  • Deleted the app and tried with and without exception domains and still getting the error. – David Oct 05 '16 at 17:24
  • Any other suggestions? – David Oct 05 '16 at 23:45
  • @DavidFernandez Check this [answer](http://stackoverflow.com/a/33712228/6739471) and if that doesn't work try the 3rd answer in that link to manually add the options needed to the plist file. – Swifty Oct 06 '16 at 00:29
  • Thanks for the help. The problem was my domain name – David Oct 06 '16 at 20:57