4

I am testing my app in Xcode 7, IOS 9 and got the following error :

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

So I have done some changes in Info.plist file as below and application is now working fine across all IOS Versions:

<key>NSAppTransportSecurity</key><dict>
<key>NSExceptionDomains</key><dict><key>myserver.com</key><dict>
<key>NSIncludesSubdomains</key><false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/></dict> </dict></dict>

So my doubt is whether this remains a permanent fix or whether I should use NSURLSession in my code.

Thanks, Abin

Improve this question
1

2 Answers 2

Reset to default
7

Adding the following to your Info.plist will disable ATS

<key>NSAppTransportSecurity</key>  
<dict>  
    <key>NSAllowsArbitraryLoads</key><true/>  
</dict>
Improve this answer
1

NSURLSession is also subject to App Transport Security. The real question you have to ask yourself is whether you're transferring sensitive information. If you are, you should use https so that the information is secure.

In this case, App Transport Security is basically warning you that the data you're sending or receiving is going via an insecure route, when compared to the best practices for transferring information securely. It's then up to you to make the decision based on your own knowledge about the data. If it's downloading public, non-personal information, you might simply make an exception in the plist and carry on. If you're throwing people's dates of birth or social security numbers around, probably not...

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.