Tuesday, 13 October 2015

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

Apple announced "App Transport Security" for iOS9 & EI Capitan OSX 10.11.

ATS(App Transport Security), an app add a declaration to its info.plist that specifies the domain which it needs secure communication. It prevents accidental disclosure, security and easy to adopt. If you were developing an app, you should use HTTPS exclusively. Because if your application attempts to any HTTP server that doesnot support SSL technology.

By passing app-security.
To configure domain exception, your app can connect to non-secure and add these keys to info.plist (Xcode7 doesnot currently auto complete these keys

Do changes in info.plist







For example you can add a domain specific like:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
  <dict>
     <key>YOUR_DOMAIN_NAME</key>
     <dict>
         <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true>
         <key>NSIncludesSubdomains</key><true>
         <key>NSTemporaryExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
     </true></true></dict>
   </dict>
</dict>


Alternate solution

If I do not know all insecure domains, then use




<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key><true>
  <dict>
at
Labels: , , , , , , ,

3 comments:

  1. Unknown16 November 2015 at 02:56

    Hi, what about when the app is not an app but a sh script?

    ReplyDelete
    Replies
    1. Unknown16 November 2015 at 03:00

      In my case It works for me passing the URL as https.

      Delete
    2. Ashish Jabble23 November 2015 at 22:39

      Hi Joseba, If you were developing an app using "HTTPS", then no issues. Although we can use with "HTTP" too with bypassing condition (.plist)

      Delete

Subscribe to: Post Comments (Atom)