Login/Register
iOS 10: Apple transport security "exception domains" no longer working
Asked Answered
securityios10beta
E

4

12

I'm using iOS 10 beta 8, Xcode 8 beta 6.

Regarding Apple Transport Security (ATS) I'm finding that using "exception domains" isn't working in iOS10, but "allow arbitrary loads does". Anyone else confirm?

ATS exception

(I've removed the domain name from the image; this is an enterprise application and won't be affected by the app store ignoring ATS exceptions)

Escarpment answered 5/9, 2016 at 16:54 Comment(0)
B
10

Exception domains method works on me. Xcode 8.21, mac os 10.12.3 and react-native 0.42.3.

After modify the plist in xcode or text-editor mode as follows, you should close the terminal and simulator and restart it. 

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example1.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
        <key>example2.org</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
    <key>NSAllowsLocalNetworking</key>
    <true/>
</dict>
Brahear answered 27/3, 2017 at 13:59 Comment(0)
A
3

This might not be your problem but it solved mine.

The domain you type has to be the domain that will typically display in a browser i.e. if in your code you use http://www.example.com you should use www.example.com instead. or http://example.com should instead be example.com in plist

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <!-- Replace example.com with www.example.com if that is what you registered on your hosting service-->
    <key>example.com</key>
    <!-- instead of http://example.com -->
    <dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <key>NSIncludesSubdomains</key>
      <true/>
    </dict>
  </dict>
</dict>
Avictor answered 11/3, 2017 at 18:57 Comment(0)
S
2

You have to use NSAllowsArbitraryLoads in App transportation Security. I was having same issue but now it is resolved.enter image description here

Sattler answered 26/9, 2016 at 9:14 Comment(1)
This solution can be used only temporarily because it's insecure and thus not recommended by Apple.Dyun
H
2

2021 example working fine:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>NSAppTransportSecurity</key>
        <dict>
            <key>NSExceptionDomains</key>
            <dict>
                <key>abcdef.com</key>
                <dict>
                    <key>NSExceptionAllowsInsecureHTTPLoads</key>
                    <true/>
                    <key>NSIncludesSubdomains</key>
                    <true/>
                </dict>
            </dict>
        </dict>
    </dict>
</plist>

Recall for Swift non-storyboard apps, there is by default no Info.plist file.

  1. go to Target (not project), Info

  2. add any key (even a nonsensical one)

  3. that will generate a conventional Info.plist file

Now you can modify the source of the Info.plist file as usual in the simple way.

Hrvatska answered 27/11, 2021 at 15:41 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.