Application Transport Security ? | Apple Developer Forums

• Apple Developer

• Apple Developer

Forums Search for a topic, subtopic, or tag Clear search query Local Nav Open Menu Local Nav Close Menu

• Search

Post Profile ▲

• Sign in
• Create account

Application Transport Security ? App & System Services Core OS Beta watchOS CFNetwork You’re now watching this thread. If you’ve opted in to email or web notifications, you’ll be notified when there’s activity. Click again to stop watching or visit your profile to manage watched threads and notifications. You’ve stopped watching this thread and will no longer receive emails or web notifications when there’s activity. Click again to start watching. Arnonymous OP Created Jun ’15 Replies 33 Boosts 0 Views 289k Participants 28

When I try to start an URL Request to my website from watchOS 2 the request fail and i get this message :

Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

what can i do ? All i've found in the doc is :

App Transport Security

App Transport Security (ATS) lets an app add a declaration to its

Info.plist file that specifies the domains with which it needs secure communication. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.

But nothing about the name of the key in Info.plist..

Boost Copy to clipboard Share this post Copied to Clipboard Replies 33 Boosts 0 Views 289k Participants 28 mattryan OP Jun ’15 Accepted Answer

Adding the following to your Info.plist will disable ATS

<key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key><true/> </dict> 0 comments 1 Copy to clipboard Share this post Copied to Clipboard Load more Add comment Rumple OP Jun ’15

Where in the doc did you find this information? Is there more useful information?

Tag: App Transport Security

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment stevenp OP Jun ’15

It's not in the documentation. I found it by doing a search of the contents of the CFNetwork binary. There are other keys, but I haven't figured out how to use them yet.

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment Jeroen OP Jun ’15

The info you are looking for:

NSAppTransportSecurity NSExceptionDomains "example.com" NSIncludesSubdomains = YES NSExceptionRequiresForwardSecrecy = NO NSExceptionMinimumTLSVersion = "TLSv1.1"

Check it out in WWDC session 711

https://developer.apple.com/videos/wwdc/2015/?id=711 @ 5:55

🙂

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment DriveTime Traffic OP Jun ’15

That's good if you've found your solution, however a word of caution re the iOS9 beta and HTTPS: at least one bug exists where legitimate HTTPS URLs are not seeing successful connections because of an SSL bug. See my issue here: https://forums.developer.apple.com/thread/4988 - although this is an SSL issue to do with Mapkit URLs, I would expect it'd be affecting more than just those. Most SSL issues resolve down to a lack of trust; by design if anything in the trust checklist between two parties doesn't succeed, the whole request fails. Anyway, regarding this beta and its SSL problem, if I find a way of working around this, I'll update that linked issue above.

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment Universalis OP Jun ’15

The problem may be that ATS is requiring TLS 1.2-only servers, presumably to prevent attacks that involve downgrades to lower versions of the protocol. Evidence in favour of this is that Amazon servers (which do support TLS 1.2) are also blocked, though with a different code. See the thread at https://forums.developer.apple.com/thread/4017, and DO FILE A BUG REPORT ABOUT THIS. That is what beta testing is for.

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment LCS OP Jun ’15

There is some (recently added) documentation here:

https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment Saliency OP Jun ’15

This bypass doesn't appear to work anymore on beta 2 -- my app fails to install on either the hardware or on the simulator. Has anyone found a workaround?

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment suileglas OP Jul ’15

Saliency, it must be something else other than just this causing a failure (one of perhaps many numerous problems?). I just was able to get around this network error today on beta 2 (simulator) -- it's worked many times for me after conversion of an app. Watch menus, however, never fire their IBActions for me 😟.

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment Saliency OP Jul ’15

How's beta 3 working for you?

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment iPad_dev OP Jul ’15

this works on beta 3

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment suileglas OP Jul ’15

Same problem as before, could just be a bug in the sdk. I've kinda given up on bleeding edge stuff (like WatchKit 2.0) and using Xcode 7 b3 for more pedestrian things like iOS apps. Really hard to know what's going on; filed a bug a few weeks ago, no response, no acknowledgement. These forums are hard to follow because there's no inbox and no interactivity -- vast difference when compared to StackOverflow. BTW the network bypass works for me on b2 and b3.

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment hanpa OP Jul ’15

I tried this and the app works on the Simulator. When running on my iPhone iOS 8.4 with Apple Watch (old Watch OS) the app "hangs".

I've set 8.4 as deployment target but maybe this combination doesn't work with Swift 2 and Xcode 7 beta 3?

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment auco OP Jul ’15

Dang it: the screenshot in the video was really confusing.

The WWDC video "Networking with NSURLSession" showed this:

<dict> <key>NSExceptionDomains</key> <dict> <key>subdomain.somedomain.com</key> <dict> <key>NSIncludesSubdomains</key><true/> <key>NSExceptionAllowsInsecureHTTPLoads</key><true/> <key>NSExceptionRequiresForwardSecrecy</key><false/> </dict> </dict> </dict>

but this did not seem to work for IP addresses (e.g. 127.0.0.1 or localhost).

In order to allow any http, you just need the afore mentioned key that seems to opt out completely:

<dict> <key>NSAllowsArbitraryLoads</key><true/> </dict>

note: tried on beta 4

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment LongTiger OP Aug ’15

It doesn't work with Swift 2 and Xcode7 beta 5 .How to fix it ? pls help me

0 comments 0 Copy to clipboard Share this post Copied to Clipboard Load more Add comment

1. First
2. Page 1 of 3
3. Last

Page 1/3 Application Transport Security ? First post date Last post date Q