
App Transport Security blocking with "Allow Arbitrary Loads = YES"

I'm trying to access my Python CGI script running on an instance in Amazon EC2 through a POST request, but even though I have changed my Info.plist file to allow arbitrary loads, it shows:

error

Here's where I make the POST request:

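let manager = AFHTTPRequestOperationManager()
let URL = "http://ec2-XX-XX.compute-1.amazonaws.com/cgi-bin/hellopy2.py"
let params = ["userToken": "XXXXXXXXXXX"]

// Plain-HTTP POST to the CGI script; this is the request ATS blocks
manager.POST(URL, parameters: params, success: { (operation, responseObject) -> Void in
    // success handler body is not shown in the question
}, failure: nil)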

Here is my info.plist file:

Info.plist

David asked Jan 26 '26 17:01


1 Answer

Make sure you have the right Info.plist file

First, make sure that the Info.plist that you put those settings in is the one your project is using. You can verify this by going into your project settings and searching for Info.plist. Make sure that the Info.plist file where you set those values is the one for the build target you are building.

Example of Info.plist settings

You can also verify after the fact if you build your project to an IPA. Unzip the IPA, and in the folder that is unzipped, you should see an Info.plist file. Verify that your ATS settings are in that file to make sure the running app should use those exceptions.


Get the settings correct / consistent

Once you've verified this, you should clean up your settings. You use the global flag for allowing any insecure traffic. That will work for now, but after the end of 2016, you won't be able to submit to the store without providing Apple a justification and facing possible rejection. I would recommend not using it at this point, unless this is an app that won't be distributed through the App Store (e.g. an enterprise app). If you do choose to use this flag, remove the exception domains, as they are unneeded (you are basically saying all domains are exceptions and allow http).

If you want to do it correctly, by only allowing insecure connections to amazonaws, your settings should simply look like this:

Cleaned up App Transport Security Settings without extra entries

If you have those settings, and your Info.plist configuration is correct, you should be able to access any amazonaws.com subdomains without https.

wottle answered Jan 29 '26 07:01
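Added example (not part of the answer above, and not Apple's tooling): a Python check that reads the Info.plist out of a built IPA, as the answer's verification step describes, and reports which ATS settings actually shipped. The bundle name, bundle identifier and the two sample ATS dictionaries are constructed for illustration; the ATS keys are Apple's documented ones.

```python
import io
import plistlib
import zipfile


def read_ats(ipa_bytes):
    """Return the NSAppTransportSecurity dict from the app's Info.plist in an IPA."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            # Only the app's own plist: Payload/<Name>.app/Info.plist, not nested bundles.
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                info = plistlib.loads(ipa.read(name))  # accepts XML and binary plists
                return info.get("NSAppTransportSecurity", {})
    raise ValueError("no Payload/*.app/Info.plist in archive")


def audit_ats(ats):
    """List every place the shipped ATS settings allow plain HTTP."""
    findings = []
    allow_all = bool(ats.get("NSAllowsArbitraryLoads"))
    if allow_all:
        findings.append("global: NSAllowsArbitraryLoads is YES (HTTP allowed everywhere)")
    for domain, cfg in sorted(ats.get("NSExceptionDomains", {}).items()):
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads"):
            scope = "and subdomains" if cfg.get("NSIncludesSubdomains") else "only"
            note = " (redundant under the global flag)" if allow_all else ""
            findings.append(f"{domain} {scope}: insecure HTTP allowed{note}")
    if not findings:
        findings.append("no insecure-HTTP allowances in built Info.plist")
    return findings


def make_ipa(ats):
    """Build a constructed, in-memory IPA that holds only an Info.plist."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        info = {"CFBundleIdentifier": "com.example.demo", "NSAppTransportSecurity": ats}
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
    return buf.getvalue()


# Constructed samples: global flag plus a domain entry, and the scoped form.
MIXED = {"NSAllowsArbitraryLoads": True,
         "NSExceptionDomains": {"amazonaws.com": {"NSExceptionAllowsInsecureHTTPLoads": True}}}
SCOPED = {"NSExceptionDomains": {"amazonaws.com": {
    "NSIncludesSubdomains": True, "NSExceptionAllowsInsecureHTTPLoads": True}}}

if __name__ == "__main__":
    for label, ats in (("mixed", MIXED), ("scoped", SCOPED)):
        print(label, audit_ats(read_ats(make_ipa(ats))))
```

For a real build, pass the bytes of the `.ipa` file to `read_ats`; an empty result means the Info.plist that was edited is not the one the target shipped.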


