App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure.

Asked 2/10, 2015 at 16:51 Answered 24/3, 2016 at 20:37

-1

Supposedly temporary exceptions can be configured via your app's Info.plist file. Following other answers, I added this entry to the info.plist but it does not help (even worse, after I changed the xml file I get a permission error when I attempt to run the app on my iPhone but not on the simulator - but that is a different problem.)

 <key>NSAppTransportSecurity</key>
 <dict>
 <key>NSAllowsArbitraryLoads</key>
  <true/>
 </dict>

Latinist answered 2/10, 2015 at 16:51 Comment(0)

From Project Navigator click your project's name.

Now, on the right side you' ll see the General Tab of your project. Select the Info and in the Customs iOS Target Properties add a new type.

Name it as NSAppTransportSecurity, type as Dictionary. Inside that add a new item and name it as NSAllowsArbitraryLoads, type as Boolean, value YES.

Hope that will solve your problems.

Saccharin answered 2/10, 2015 at 17:24 Comment(5)

I can't see how to add a new type in the Custom iOS Target Properties. (Is this in addition to the requirement to add it to info.plist?) – Latinist 2/10, 2015 at 18:20

Go with the mouse to the first row (Bundle versions...) and you will see that a + will appear. Click + and add the values that i wrote in my previous answer. – Saccharin 2/10, 2015 at 18:36

Wonderful .. now it is working. It is strange that the previous instructions only mentioned adding this to info.plist. Is it assumed that one would also add it to the Project settings? Many thanks, – Latinist 3/10, 2015 at 17:58

@trdavidson so do I at the moment. Did you figure it out? – Margheritamargi 23/3, 2016 at 22:52

@SamHeather my answer was too long for comments, so please see below for the format that is working for me.. let me know if it helped! – Neocolonialism 24/3, 2016 at 20:38

@SamHeather I tried to post this in Comments, but apparently too long.. This is white listing Facebook domains which is mandatory for the Facebook SDK integration. You can change these of course to fit your needs.

Currently whitelisted are: akamaidhd.net, facebook.com, and fbcdn.net.

You could change these like such for example:

<key>(your domain name) </key>
                <dict>
                    <key>NSIncludesSubdomains</key>
                    <true/>
                    <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                    <false/>
                </dict>

Facebook white listing below:

<key>NSAppTransportSecurity</key>
<dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>akamaihd.net</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
            <key>facebook.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
            <key>fbcdn.net</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>

Neocolonialism answered 24/3, 2016 at 20:37 Comment(0)

Recommended topics

Hot tags