App Transport Security, exception domain issue

Question

In an iOS app, I am having troubles with App Transport Security:

I have read many post on the net, but for some reason what I set in my Info.plist seems to be ignored. I have tried several possibilities, here is the last one:

<plist version="1.0">
<dict>
    ……..
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>mydomain.net</key>
            <dict>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>
    ……..
</dict>
</plist>

But whatever I set in the Info.plist I keep getting this message:

2016-03-25 13:21:17.234 MyApp[3587:1285514] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

What could I be missing?

Answer 1

You should not use :

`<key>NSAppTransportSecurity</key>
  <dict>
      <key>Allow Arbitrary Loads</key>
     <true/>
 </dict>`

This allows ALL unsecured links, unless if you do not care about security of information. The way you did it should be correct, maybe use the NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads might help you!

Check this: App Transport Security