I have a WKWebView
which will display users' webpages using links gathered online.
Sometimes these links are http:
which are blocked by ATS
.
I've tried simply changing the links to https:
, which works sometimes.
However, very often I get an error "An SSL
error has occurred and a secure connection to the server cannot be made".
Sometimes the page simply redirects to the http:
, which gets blocked again.
Other times the https:
page is simply "Not found".
Removing http:
only results in "Unsupported URL"
error.
Is there any way to get WKWebView
to show these pages?
PLEASE DON"T suggest NSAllowsArbitraryLoads
, or even per-domain exceptions (I do not know in advance what the domains will be).
The pages load perfectly on Safari, and even mobile safari, so it must be possible.
Since then, we've recommended that you adopt WKWebView instead of UIWebView and WebView — both of which were formally deprecated. New apps containing these frameworks are no longer accepted by the App Store.
Load Local HTML File to a WKWebViewlet myUrl = myProjectBundle. url(forResource: "my-html-file", withExtension: "html")!
WKWebView. WKWebView was introduced in iOS 8 allowing app developers to implement a web browsing interface similar to that of mobile Safari. This is due, in part, to the fact that WKWebView uses the Nitro Javascript engine, the same engine used by mobile Safari.
Unlike UIWebView, which does not support server authentication challenges, WKWebView does. In practical terms, this means that when using WKWebView, you can enter site credentials for password-protected websites.
So, the short answer is NSAllowsArbitraryLoadsInWebContent
, which will work great in iOS 10. However, if you try to run with that in your Info.plist on an iOS 9 device, it won't work.
If you want this to work on both iOS 9 and iOS 10, what Apple is recommending that you do is to put both NSAllowsArbitraryLoads
AND NSAllowsArbitraryLoadsInWebContent
in your Info.plist.
In iOS 9, since it doesn't recognize the NSAllowsArbitraryLoadsInWebContent
entry, it will allow all http content in the app (including your WKWebview). This isn't ideal, but as long as you are ensuring your critical connections elsewhere are secure, having Apple enforce it really doesn't do much.
In iOS 10 (which most of your users should be running) iOS will ignore the NSAllowsArbitraryLoads
if it also sees NSAllowsArbitraryLoadsInWebContent
. This means the rest of your app network communications will need to follow ATS's security requirements, while the WKWebView and UIWebView does not. This isn't a great solution, but it is the one recommended by Apple engineers when you need to support both iOS 9 and 10.
Note that when Apple does start to require justifications for ATS exceptions, the NSAllowsArbitraryLoadsInWebContent
entry is one of the ones that will trigger the need to justification. But, it is better than having NSAllowsArbitraryLoads
by itself, and you can put that in your justification and it should be accepted by Apple.
As posted in this article, add a top level property NSAppTransportSecurity
in info.plist
, then if the iOS version is 10 and above, add a boolean entry for NSAllowsArbitraryLoadsInWebContent
in this dictionary, otherwise NSAllowsArbitraryLoads
, such that the plist entry looks like
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With