App Transport Security issue iOS9

0
votes

After trying to run the app on the iOS9 simulator i've faced the following nasty warning

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

After googling for solutions i've found one. Opening your project's .plist file as a Source code and adding those lines:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

Cleaned the build, ran - and saw similar warning.
Afterwards, I've tried a variety of other approaches listed here How do I load an HTTP URL with App Transport Security enabled in iOS 9?

None worked.

I tried allowing all domains even though it's a rejection-risk approach.

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

it also didn't work. Seems like Xcode 7.0.1 is overriding this configuration no matter how i edit the plist file.

Looking forward to any advices on the subject.

1
iosplistios9xcode7app-transport-security
Do not edit the plist file directly. Indeed Xcode could rewrite it. Use the Info tab (next to Resource Tags) in Xcode to create the new content in "Custom Application Target Properties". - Eric Aya
"None worked" They do work. You should assume that you are the one not doing it properly. - matt
I don't think you should set both the NSExceptionAllowsInsecureHTTPLoads and the NSExceptionRequiresForwardSecrecy keys at the same time. Try just NSExceptionAllowsInsecureHTTPLoads. - Glenn Howes
@matt ok, i edit the plist file as source code, copy paste the solutions with my domain, re-open it as property list - everything works, i can see correct property types and boolean values at the very end of the plist. Unfortunately, when i run it - those rules just don't apply. what is more to it? - David Robertson
@GlennHowes tried it, same result (( - David Robertson

1 Answers

1
votes

The domain name your are calling has which security version layer?

Apple default settings is 1.2 TLS. Your API may be on 1.1 or 1.0 security. Try to set the NSExceptionMinimumTLSVersion. Just edit the dictionary in info.plist in which you mentioned your domain name. Here is an example for TLS version 1.0 security.

<key>mydomain.com</key>
        <dict>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>