I have an app that works fine in ios 9 and 10.0 (I have add the App Transport Security blocking with “Allow Arbitrary Loads = YES” to my info.plist. But after upgrade to 10.1 and Xcode 8.1 there seem to be a problem with the App Transport Security. I can not connect to server. My server only support up to TLS 1.1
Showing this error
Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
May be IOS 10.1 ignore the .plist info. (Note that on 9.3 till 10.0 it is still working fine).
My .plist file
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>SingPost</string>
<key>CFBundleExecutable</key>
<string>${EXECUTABLE_NAME}</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${PRODUCT_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.8.7</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb1540614276180366</string>
</array>
<key>Item 0</key>
<string>fb1540614276180366</string>
</dict>
</array>
<key>CFBundleVersion</key>
<string>1.8.7</string>
<key>FacebookAppID</key>
<string>1540614276180366</string>
<key>FacebookDisplayName</key>
<string>Singpost</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>prdesb1.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<key>NSCameraUsageDescription</key>
<string>$(PRODUCT_NAME) camera use</string>
<key>NSLocationAlwaysUsageDescription</key>
<string> </string>
<key>NSLocationWhenInUseUsageDescription</key>
<string> </string>
<key>NSPhotoLibraryUsageDescription</key>
<string>$(PRODUCT_NAME) uses photos</string>
<key>UIAppFonts</key>
<array>
<string>OpenSans-Regular.ttf</string>
<string>OpenSans-Bold.ttf</string>
<string>OpenSans-Semibold.ttf</string>
<string>OpenSans-Light.ttf</string>
<string>OpenSans-LightItalic.ttf</string>
</array>
<key>UIBackgroundModes</key>
<array>
<string>remote-notification</string>
</array>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UIRequiresFullScreen</key>
<true/>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
</dict>
</plist>
I fix my add exeptiondomain but have this error in console
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) –
Edit from suggestion. I change my plist to
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mysam.sg</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections. iOS 9.0+ iPadOS 9.0+ macOS 10.11+
App Transport Security (ATS) is enabled by default when using NSURLSession , NSURLConnection , or CFURL in iOS 9 or OS X El Capitan which enforces the application to use HTTPS with TLS 1.2 for all the network communications with the back end server.
On Apple platforms, a networking feature called App Transport Security (ATS) improves privacy and data integrity for all apps and app extensions. ATS requires that all HTTP connections made with the URL Loading System—typically using the NSURLSession class—use HTTPS.
By specifying NSAllowsArbitraryLoadsInWebContent
, you are overriding NSAllowsArbitraryLoads
on iOS 10.
In iOS 10 and later, and macOS 10.12 and later, the value of [the
NSAllowsArbitraryLoads
] key is ignored if any of the following keys are present in your app’s Info.plist file:
- NSAllowsArbitraryLoadsForMedia
- NSAllowsArbitraryLoadsInWebContent
- NSAllowsLocalNetworking
Source: App Transport Security dictionary primary keys (Apple)
Additionally, the NSExceptionDomain
dictionaries you have provided don't seem to match the current documented format. Specifically, the keys don't match:
NSTemporaryExceptionAllowsInsecureHTTPLoads
should be NSExceptionAllowsInsecureHTTPLoads
NSTemporaryExceptionMinimumTLSVersion
should be NSExceptionMinimumTLSVersion
NSTemporaryExceptionRequiresForwardSecrecy
should be NSExceptionRequiresForwardSecrecy
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With