The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

Asked 17/9, 2015 at 13:11 Answered 14/2 at 11:40

Solved ios nsurlconnection nsurlsession ios9 xcode7

613

I am facing the Problem when I have updated my Xcode to 7.0 or iOS 9.0. Somehow it started giving me the Titled error

"The resource could not be loaded because the App Transport Security policy requires the use of a secure connection"

Webservice Method:

- (void)ServiceCall:(NSString*)ServiceName :(NSString *)DataString
{
    NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
    [sessionConfiguration setAllowsCellularAccess:YES];
    [sessionConfiguration setHTTPAdditionalHeaders:@{ @"Accept" : @"application/json" }];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration];

    NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"%@",ServiceURL]];
    NSLog(@"URl %@%@",url,DataString);
    // Configure the Request
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    [request setValue:[NSString stringWithFormat:@"%@=%@", strSessName, strSessVal] forHTTPHeaderField:@"Cookie"];
    request.HTTPBody = [DataString dataUsingEncoding:NSUTF8StringEncoding];
    request.HTTPMethod = @"Post";

    // post the request and handle response
    NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error)
        {
        // Handle the Response
        if(error)
        {
            NSLog(@"%@",[NSString stringWithFormat:@"Connection failed: %@", [error description]]);

            // Update the View
            dispatch_async(dispatch_get_main_queue(), ^{

                // Hide the Loader
                [MBProgressHUD hideHUDForView:[[UIApplication sharedApplication] delegate].window animated:YES];


            });
            return;
        }
        NSArray * cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:request.URL];
        for (NSHTTPCookie * cookie in cookies)
        {
            NSLog(@"%@=%@", cookie.name, cookie.value);
            strSessName=cookie.name;
            strSessVal=cookie.value;

        }

        NSString *retVal = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    }];

    [postDataTask resume];
}

The service is Running fine for Xcode earlier versions and iOS previous versions But when I have updated to Xcode 7.0 that is on iOS 9.0, it started to give me the Problem like following when I am calling the above web service method. The Logged Error which I am getting is:

Connection failed: Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fada0f31880 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=MyServiceURL, NSErrorFailingURLKey=MyServiceURL, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}

I have tried Following Questions and answers but did not get any result there, is there any advance idea how I can remove that service call error?

Herodias answered 17/9, 2015 at 13:11 Comment(1)

possible duplicate of App Transport Security Xcode 7 beta 6 – Windward 21/9, 2015 at 11:3

1106

I have solved it with adding some key in info.plist. The steps I followed are:

Opened my Project target's info.plist file
Added a Key called NSAppTransportSecurity as a Dictionary.
Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.

Clean the Project and Now Everything is Running fine as like before.

Ref Link: https://stackoverflow.com/a/32609970

EDIT: OR In source code of info.plist file we can add that:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
       </dict>
  </dict>

Herodias answered 17/9, 2015 at 13:11 Comment(13)

I cannot send use mail after i added this. it gives me an error - MailCompositionService quit unexpectedly. – Frodi 10/10, 2015 at 6:39

It's not work at first. You need to add the keys inside Project > Target too – Takeshi 19/11, 2015 at 2:13

Here's some helpful Apple documentation developer.apple.com/library/ios/documentation/General/Reference/… – Trueblue 20/11, 2015 at 14:53

Thanks for saving my day. Is this error come because of IOS 9?? – Addend 2/3, 2016 at 7:32

@MihirOza: Yep, transport security is a new feature of iOS 9. – Morrissey 22/4, 2016 at 21:55

Works like charm. It is not an error, it is just extra security in iOS. – Daffi 24/5, 2016 at 10:27

If I get this error in a different target i. e. a share extension target. Do i add it to that target's info.plist or the entire projects? – Hazelwood 9/8, 2016 at 21:49

If you have no exception domains, just remove any key under NSExceptionDomains. Or else it will be an exception to NSAllowArbitraryLoads, then you must use https to visit this exception – Weathers 30/9, 2016 at 2:43

For Xcode 8.3 / Swift 3 it is App Transport Security Settings and Allow Arbitrary Loads respectively – Gramophone 26/4, 2017 at 13:54

Just adding my 2 cents. If you tried it and it doesn't work. Make sure you do it on the right info.plist you can have more than 1 of these files. – Closehauled 25/12, 2017 at 7:28

One old project had "ProjectName-Info.plist" file instead of "Info.plist", noticed only after while trying to create new info.plist file. Added to this file and worked great. – Collegiate 30/9, 2018 at 7:27

You should NOT disable it! It's unsafe. Check ste.vn/2015/06/10/… – Est 3/2, 2019 at 13:25

I have tried above solution, http based apis are being called but I can not stream video. any idea how we can stream video that is http based? – Pratincole 4/11, 2020 at 18:35

334

Be aware, using NSAllowsArbitraryLoads = true in the project's info.plist allows all connection to any server to be insecure. If you want to make sure only a specific domain is accessible through an insecure connection, try this:

Or, as source code:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>domain.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

Clean & Build project after editing.

Gliwice answered 23/10, 2015 at 15:38 Comment(4)

thanks for your answer just NSAllowArbitaryLoads didn't work for me adding NSExceptionAllowsInsecureHTTPLoads did the trick – Clyde 5/2, 2016 at 5:22

I also added these two keys:  <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/>  <key>NSTemporaryExceptionMinimumTLSVersion</key> <string>TLSv1.1</string> It made it load a LOT quicker too. – Disembogue 8/4, 2016 at 15:7

Note: I'm using XCode 8 now: If you're doing this manually, make sure to right click on the domain > Value Type > Dictionary to add "..AllowsInsecure..." and "...IncludesSubdomains" – Krug 17/3, 2017 at 15:35

Not working if I specify port number after domain.com. (domain.com:3001 for example) – Rhizoid 19/6, 2019 at 7:22

Transport security is provided in iOS 9.0 or later, and in OS X v10.11 and later.

So by default only https calls only allowed in apps. To turn off App Transport Security add following lines in info.plist file...

<key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>

For more info:
https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33

Edmiston answered 1/10, 2015 at 9:50 Comment(2)

But, this is still not allowing me to make HTTP call to any domain. Is there any clue why is it happening? – Threephase 3/1, 2020 at 5:57

Even its a HTTP URL, the URL shoulb be bverified or should have a vlid SSL certificate. – Edmiston 6/4, 2020 at 5:41

For iOS 10.x and Swift 3.x [below versions are also supported] just add the following lines in 'info.plist'

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Argillaceous answered 10/12, 2015 at 12:55 Comment(1)

For 10.x and Swift 3.x, I had seen elsewhere that the keys were actually AppTransportSecurity and AllowsArbitraryLoads but those were wrong. the NS prefix is still needed for these keys, even for Swift 3.x. The error went away when I relied on the NS prefix for these keys. – Pori 25/7, 2017 at 1:28

In Swift 4 You can use

->Go Info.plist

-> Click plus of Information properties list

->Add App Transport Security Settings as dictionary

-> Click Plus icon App Transport Security Settings

-> Add Allow Arbitrary Loads set YES

Bellow image look like

Zel answered 23/4, 2018 at 9:33 Comment(0)

I have solved as plist file.

Add a NSAppTransportSecurity : Dictionary.

Add Subkey named " NSAllowsArbitraryLoads " as Boolean : YES

Backdate answered 8/10, 2015 at 6:4 Comment(0)

This is Apple's way of forcing tighter security on your apis(forced to use https over http). I'll explain how to remove this security setting.

Most answers on here point out adding this key to your info.plist

This alone did not solve this problem for me. I had to add the same key to inside

Project -> Targets -> Info -> Custom iOS Target Properties

This will allow insecure connections to happen from anyone however. If you want to allow only a specific domain to use make insecure connections, you can add the following to your info.plist.

Skilken answered 6/10, 2019 at 22:10 Comment(1)

Thanks, this worked for me! I only edited the plist file before which didnt work. Im surprised how other people got it working that way – Collin 14/2, 2020 at 10:22

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection working in Swift 4.03.

Open your pList.info as source code and paste:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Detach answered 4/1, 2018 at 5:11 Comment(0)

From Apple documentation

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.

To Bypass App Transport Security:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

To allow all insecure domains

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

Semicentennial answered 16/11, 2016 at 4:8 Comment(0)

If you are using Xcode 8.0 and swift 3.0 or 2.2

Ngo answered 28/10, 2016 at 7:22 Comment(0)

In Xcode 7.1 onwards(swift 2.0)

Quadragesima answered 18/11, 2015 at 10:9 Comment(0)

In XCode 12.5. IOS 14. I made following entries

This is how info.plist source code looks like

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Shantel answered 3/6, 2021 at 5:30 Comment(1)

Working for me..... – Constitutionality 9/3, 2022 at 12:36

If you are not a big fan of XML, then just add below tag in your plist file.

Lunt answered 12/10, 2017 at 10:25 Comment(0)

iOS 9 (may) force developers to use App Transport Security exclusively. I overheard this somewhere randomly so I don't know whether this is true myself. But I suspect it and have come to this conclusion:

The app running on iOS 9 will (maybe) no longer connect to a Meteor server without SSL.

This means running meteor run ios or meteor run ios-device will (probably?) no longer work.

In the app's info.plist, NSAppTransportSecurity [Dictionary] needs to have a key NSAllowsArbitraryLoads [Boolean] to be set to YES or Meteor needs to use https for its localhost server soon.

Palace answered 25/9, 2015 at 12:14 Comment(0)

If you are using Xcode 8.0 to 8.3.3 and swift 2.2 to 3.0

In my case need to change in URL http:// to https:// (if not working then try)

Add an App Transport Security Setting: Dictionary.
Add a NSAppTransportSecurity: Dictionary.
Add a NSExceptionDomains: Dictionary.
Add a yourdomain.com: Dictionary.  (Ex: stackoverflow.com)

Add Subkey named " NSIncludesSubdomains" as Boolean: YES
Add Subkey named " NSExceptionAllowsInsecureHTTPLoads" as Boolean: YES

Lizzettelizzie answered 20/10, 2017 at 16:55 Comment(0)

For those of you developing on localhost follow these steps:

Tap the "+" button next to Information Property List and add App Transport Security Settings and assign it a Dictionary Type
Tap the "+" button next to the newly created App Transport Security Settings entry and add NSExceptionAllowsInsecureHTTPLoads of type Boolean and set its value to YES.
Right click on NSExceptionAllowsInsecureHTTPLoads entry and click the "Shift Row Right" option to make it a child of the above entry.
Tap the "+" button next to the NSExceptionAllowsInsecureHTTPLoads entry and add Allow Arbitrary Loads of type Boolean and set its value to YES

Note: It should in the end look something like presented in the following picture

Multiped answered 30/8, 2019 at 19:26 Comment(0)

You just need to use HTTPS and not HTTP in your URL and it will work

Uthrop answered 22/9, 2015 at 16:43 Comment(7)

Unless, of course, you cannot use HTTPS because Apple does not like self-signed certifcates. Do you not have that problem? – Garwin 22/9, 2015 at 20:47

In my case, it works perfectly since I changed to HTTPS – Uthrop 22/9, 2015 at 22:37

but do you use a self-signed or CA signed certificate? Just curious. Sort of a separate issue, of course, but figured I would ask. – Garwin 23/9, 2015 at 17:24

I didn't work on the server side, I don't know to be honest :( – Uthrop 23/9, 2015 at 23:13

Setting up HTTPS connection on some server environments (shared hosting) might be difficult. – Fredrika 6/10, 2015 at 3:31

Don't tell or force people to use HTTPS, they might have some other requirements. That is not an answer at all. – Almsgiver 27/5, 2022 at 5:35

Not if you are required to use HTTP – Pamphleteer 21/10, 2022 at 1:36

Make sure you change the right info.plist file.

This is the second time I waste time on this issue, because I didn't notice that I'm changing info.plist under MyProjectNameUITests.

Closehauled answered 12/3, 2018 at 8:41 Comment(0)

Open your pList.info as Source Code and at bottom just before </dict> add following code,

 <!--By Passing-->
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>your.domain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>
    <!--End Passing-->

And finally change your.domain.com with your base Url. Thanks.

Seduce answered 15/11, 2017 at 8:33 Comment(0)

If you use firebase, it will add NSAllowsArbitraryLoadsInWebContent = true in the NSAppTransportSecurity section, and NSAllowsArbitraryLoads = true will not work

Schulman answered 4/12, 2019 at 2:28 Comment(1)

Thanks for this information. You saved me hours of troubleshooting. – Loophole 5/6, 2020 at 14:44

I managed to solve this with a combination of many of the mentioned options. I’ll include a checklist of all of the things I had to do to get this to work.

In short:

Set NSAllowsArbitraryLoads to true for my watch extension (not my watch app).
Ensure I was using https and not http.

Step one:

Firstly and most obviously I had to add an NSAppTransportSecurity key as a dictionary in my watch extension’s info.plist with a subkey called NSAllowsArbitraryLoads as a boolean set to true. Only set this in the watch extension and not the watch app’s plist. Although take note that this allows all connections and could be insecure.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Step two:

Then I had to make sure that the url I was trying to load was https and not just http. For any urls that were still http I used:

Swift:

let newURLString = oldURLString.stringByReplacingOccurrencesOfString("http", withString: "https")

Obj-C:

NSString *newURLString = [oldURLString stringByReplacingOccurrencesOfString:@“http” withString:@“https”];

Salesman answered 15/3, 2016 at 14:8 Comment(0)

For XCode 13, adding Allow Arbitrary Loads isn't such a trivial job. Because by default there is no key named App Transport Security Settings.

You have to discover how to add a new root level key, by pressing any of the plus buttons that you see under Info/Custom iOS Target Properties.

See details in this link:

https://mcmap.net/q/65449/-app-transport-security-xcode-7-beta-6

Almsgiver answered 27/5, 2022 at 5:50 Comment(0)

It is recommended to use https calls only in Apps. Transport security was introduced in iOS 9.0, allowing only https calls from apps by default.

However, if you still want to allow all non https calls - Add NSAppTransportSecurity (Dictionary) in Info.plist and Add Subkey named NSAllowsArbitraryLoads with the boolean value YES. After update, plist should look like

STEPS

Open Info.plist
Click + under the Information properties list
Add App Transport Security Settings(NSAppTransportSecurity) as a dictionary
Click + under added App Transport Security Settings
Add Allow Arbitrary Loads(NSAllowsArbitraryLoads) as boolean and set the value to YES

Incomplete answered 26/8, 2022 at 13:28 Comment(0)

I have solved this issue in the case of a self hosted parse-server using a one year signed certificate rather than the option "NSAllowsArbitraryLoads"

Parse Server as any node.js server presents a public https url that you have to specify. For instance:

parse-server --appId --masterKey --publicServerURL https://your.public.url/some_nodejs

Feel free to give a look to my configuration files

Maecenas answered 12/4, 2016 at 22:10 Comment(0)

Open info.plist file
Add a Key called App Transport Security Settings as a Dictionary.
Add a Subkey called Allow Arbitrary Loads as Boolean and set its value to YES as in the following image.
Finally, clean the Project (with Command+Shift+K) and done.

Or, in code:

<plist version="1.0">
<dict>
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

    // .....

</dict>

Headset answered 31/10, 2023 at 19:40 Comment(1)

This adds nothing that isn't found in several of the existing answers. Also, if you find that you are posting the same answer to more than one question then you should instead flag the question as a duplicate of the other. – Scuta 1/11, 2023 at 1:53

// on the top of last two  (</dict> and </plist>)

paste the below snipped code

<key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>

Clevis answered 10/1 at 4:16 Comment(0)

Solution: Inside Ios folder > Project Name > info.plist file:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>   //Add this line
        <true/>                             //Add this line
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
       </dict>
  </dict>

then cd ios

finally pod install

Thissa answered 14/2 at 11:40 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags