How to add NSAppTransportSecurity to Cordova project

3
votes

I'm working on a ionic cordova project. That application needs to be onfigured App Transport Security Exceptions for iOS 9 version.

Does anyone know how to add below configuration to the cordova project configuration file? (config.xml)

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

Regards,

4
ioscordovaionic-framework
Check this answer: stackoverflow.com/questions/31216758/…manman

4 Answers

9
votes

The easiest solution is probably by using a plugin. Take a look at cordova-plugin-transport-security

cordova plugin add cordova-plugin-transport-security --save

You can see in its plugin.xml file how it modifies the plist value.

<platform name="ios">
  <config-file target="*-Info.plist" parent="NSAppTransportSecurity">
      <dict>
          <key>NSAllowsArbitraryLoads</key>
          <true/>
      </dict>
  </config-file>
</platform>
6
votes

Referring to the Whitelist Guide this should be done by adding 

<access origin='*' allows-arbitrary-loads-in-media='true' allows-arbitrary-loads-in-web-content='true' allows-local-networking='true' />

to your config.xml.

3
votes

You are able to update properties in your app Info.plist file by using the edit-config tag directly in your config.xml.

This is similar to Connor's answer but allows for more general control of your app's config.

For this particular case you could include the following (replacing ${APP_NAME} with the name of your app, unsurprisingly):

  <edit-config file="${APP_NAME}/${APP_NAME}-Info.plist" target="NSAppTransportSecurity" mode="merge">
    <dict>
      <key>NSAllowsArbitraryLoads</key>
      <false/>
    </dict>
  </edit-config>
0
votes

I have always done this using a Hook script and plistbuddy. So I would place this in the hooks folder, making sure it's set to executable file permissions (755 will do):

    #!/bin/bash

echo "Adjusting plist for App Transport Security exception."
val=$(/usr/libexec/plistbuddy -c "add NSAppTransportSecurity:NSExceptionDomains:DOMAIN_TO_SET_AS_EXCEPTION:NSTemporaryExceptionAllowsInsecureHTTPLoads bool true" platforms/ios/HelloCordova/HelloCordova-Info.plist 2>/dev/null)
echo "Done"

Replace "DOMAIN_TO_SET_AS_EXCEPTION" with your domain e.g. myhost.example.com - I'm not a fan of setting all domains open until you need them so recommend a whitelisting approach.

Then to get this to fire I modify config.xml in the iOS platform section to look like:

    ...
<platform name="ios">
    <hook type="before_build" src="hooks/ios_ats.sh" />
    ...

I wrote a blog post showing this along with a complete example project on Github linked from the post that you can get an appropriate script from.