App Transport Security has blocked a cleartext HTTP resource

Question

I am using Socket.IO library in swift and I keep getting this error:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

when I am trying to send an http request. I added the keys to plist according to the official apple documentation, but it did not help.

Answer 1

You need to correct it like this:

To make it easier, this is the correct xml in the info.plist

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>localhost</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
        </dict>
    </dict>

change the localhost to your actual server

Check the table for NSAppTransportSecurity options

If you want to all communications with any domain, you can do this:

 <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

However, you should use the latest just in the developing phase.

Answer 2

Another way to solve this, which I found more convenient, is to disable App Transport Security by default using the NSAllowsArbitraryLoads key. So any domains you do not include in the NSExceptionDomains dictionary (or if you don't include NSExceptionDomains at all) will not be subject to App Transport Security.