App Transport Security Xcode 7 beta 6

Tags: xcode, ios, swift

I'm currently working on Xcode 7 beta 6. I'm trying to send a "DELETE" request to http://mySubdomain.herokuapp.com

The error I receive is:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
Error making API call: Error Domain=NSURLErrorDomain Code=-1022 The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSUnderlyingError=0x796f7ef0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}}

In my actual API call I put "https" instead of "http" and that actually worked for my POST requests. But the DELETE request throws the above error.

I've seen solutions on here that involve the pList file, but none of them have worked for me. I've listed my attempts below.

First attempt:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Second try:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>herokuapp.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

And finally, I even put all these temporary keys in like so:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>herokuapp.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSTemporaryThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
                <key>NSTemporaryRequiresCertificateTransparency</key>
                <false/>
            </dict>
        </dict>
    </dict>

All with no luck! I always get the same error. The DELETE request is formatted correctly because when I manually do it from Postman, I get the desired result.

Here is what my actual API call method looks like, just in case there could be an issue here:

class func makeDELETEALLRequest(completion: (error:Bool) -> Void) {
    let session = NSURLSession.sharedSession()
    // Build the DELETE request against the HTTPS endpoint
    let url = NSURL(string:"https://mysubdomain.herokuapp.com/42kh24kh2kj2g24/clean")
    let request = NSMutableURLRequest(URL: url!)
    request.HTTPMethod = "DELETE"

    let task = session.dataTaskWithRequest(request) { (data, response, error) -> Void in

        if (error != nil) {
            // Transport-level failure; the ATS error (-1022) is reported here
            print("Error making API call: \(error!)")
            completion(error: true)
        } else {
            let HTTPResponse = response as! NSHTTPURLResponse
            let statusCode = HTTPResponse.statusCode
            // Only HTTP 200 is treated as a successful delete
            if (statusCode == 200){
                print("Successfully deleted!")
                completion(error: false)
            } else {
                print("Different status code: \(statusCode)")
                completion(error: true)
            }
        }
    }
    task.resume()
}

Once again, I'm using Xcode 7 beta 6.

ABOUT MY SELECTED ANSWER

The answer I selected as correct was right for me because I made all these changes to the wrong pList file in my project and that answer was the only one that addressed the possibility. The solutions offered by the other answers are not wrong, so any other people experiencing this issue should give them a try, since they are valid. I hope this helps anyone having similar issues.

Alan Scarpa asked Sep 06 '15 19:09


3 Answers

I have solved it by adding a key in Info.plist, as I am using Objective-C for a native application.

The steps I followed are:

  1. Opened my project's Info.plist file.

  2. Added a key called NSAppTransportSecurity as a Dictionary.

  3. Added a subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES, as in the following image.


Clean the project, and now everything is running fine as before.

Ref Link:

  1. https://stackoverflow.com/a/32631185/2905967

  2. https://stackoverflow.com/a/32609970

Manab Kumar Mal answered Oct 14 '22 23:10


Appreciate you've tried adding the following to your plist file:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

... you might want to try to change your line:

let url = NSURL(string:"https://mysubdomain.herokuapp.com/42kh24kh2kj2g24/clean")

to:

let url = NSURL(string:"http://mysubdomain.herokuapp.com/42kh24kh2kj2g24/clean")

Apologies if you have tried this. I can understand how frustrating it is when you think you've exhausted all avenues.

But as soon as I ran up my App on Xcode 7, so that I could test our Apps, one kicked off with the "App Transport Security" problem. We're using Oracle-based web-services and it's too late in the day to start configuring digital certificates for SSL-based HTTP. So, the above addition to my plist file did the trick. Appreciate you say you've tried this. But, just to help anyone else, it did actually work for me. It needed to, as I have no immediate way of enabling SSL on our Oracle box.

Carl Hine answered Oct 14 '22 22:10


I, too, had trouble overriding App Transport Security after upgrading to Xcode 7.0, and tried the same kinds of solutions you have to no avail. After walking away from it for a while, I noticed that I had made the changes to the Info.plist under Supporting Files of "MyAppName Tests" rather than the one in the project itself. The Supporting Files folder in my project wasn't expanded, so I hadn't even noticed the Info.plist in it.

Typical amateur mistake, I'm sure, but they're only a couple of lines apart in the Project Navigator and it had me frustrated until I noticed the distinction. Thought I'd mention it in case you're having the same problem.

Jase68 answered Oct 14 '22 23:10
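
The mix-up described in the last answer (ATS keys added to the test target's Info.plist instead of the app's) can be checked mechanically. The following is an added example, not code from any of the posts: it lists every Info.plist under a folder together with the ATS exceptions it declares, so both the wrong-file mistake and an over-broad exception are visible at a glance. The folder names and bundle identifiers in the sample project are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

def audit_ats(plist_path):
    """Return a list of ATS findings for one Info.plist."""
    with open(plist_path, "rb") as fh:
        info = plistlib.load(fh)
    ats = info.get("NSAppTransportSecurity")
    if not isinstance(ats, dict):
        return ["no NSAppTransportSecurity dictionary (ATS defaults apply)"]
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("NSAllowsArbitraryLoads=true (ATS off for every domain)")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        if isinstance(rules, dict) and rules.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            scope = " and all subdomains" if rules.get("NSIncludesSubdomains") else ""
            findings.append(f"cleartext HTTP allowed for {domain}{scope}")
    return findings or ["ATS dictionary present, no cleartext exceptions"]

def audit_project(root):
    """Map every Info.plist under root (relative path) to its findings."""
    root = Path(root)
    return {str(p.relative_to(root)): audit_ats(p)
            for p in sorted(root.rglob("Info.plist"))}

def build_sample_project(root):
    """Constructed sample: the ATS exception sits in the test target only."""
    root = Path(root)
    app = {"CFBundleIdentifier": "com.example.MyAppName"}  # hypothetical id
    tests = {"CFBundleIdentifier": "com.example.MyAppNameTests",
             "NSAppTransportSecurity": {"NSExceptionDomains": {"herokuapp.com": {
                 "NSIncludesSubdomains": True,
                 "NSExceptionAllowsInsecureHTTPLoads": True}}}}
    for folder, content in (("MyAppName", app), ("MyAppNameTests", tests)):
        (root / folder).mkdir(parents=True)
        with open(root / folder / "Info.plist", "wb") as fh:
            plistlib.dump(content, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_project(tmp)
        for path, findings in audit_project(tmp).items():
            print(path, "->", "; ".join(findings))
```

Run it against the built .app bundle as well as the source tree: the Info.plist inside the bundle is the one the system reads when it applies ATS.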