2

Heyy, I have spent the last day or so racking my brain trying and failing to disable the ATS, I know it is deemed bad too, but I am currently only working on the app internally. I have tried many suggestions online to no avail, latest try below of info.plist. I am lost as to what to do? 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleDevelopmentRegion</key>
    <string>en</string>
    <key>CFBundleExecutable</key>
    <string>$(EXECUTABLE_NAME)</string>
    <key>CFBundleIdentifier</key>
    <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
    <key>CFBundleInfoDictionaryVersion</key>
    <string>6.0</string>
    <key>CFBundleName</key>
    <string>$(PRODUCT_NAME)</string>
    <key>CFBundlePackageType</key>
    <string>BNDL</string>
    <key>CFBundleShortVersionString</key>
    <string>1.0</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>CFBundleVersion</key>
    <string>1</string>

    <key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>localhost</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>
</dict>
</plist>

Debug console eror print

error=Optional(Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7f9670e85620 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://localhost/sfc/manualorder.php, NSErrorFailingURLKey=http://localhost/sfc/manualorder.php, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.})

Robert J. Clegg
  • 7,231
  • 9
  • 47
  • 99
Vaishal Patel
  • 399
  • 4
  • 24
  • 2
    I wouldn't bother with the exception domain, I would just turn ATS off altogether. It is a good idea, in theory, but in practice there is still a lot of http services out there. I think Apple have gone a bit too far with ATS. Blocking insecure ciphers and bad TLS versions is good but simply disallowing HTTP means that I have had to turn ATS off in several of my apps because I don't know the servers that my users are going to connect to – Paulw11 Oct 01 '15 at 16:39
  • Hello Paul I would be in total agreement with you, thus have tried to turn it off and have tried many solutions none of which are seem to be working on xcode 7.1 beta 2. The way Nicolas S has suggested should be working but it does not seem to be at all. – Vaishal Patel Oct 02 '15 at 08:20
  • It shouldn't matter what version of Xcode you are using. It will depend on the iOS version. Are you using 9.1 beta? Make sure you are editing the correct plist – Paulw11 Oct 02 '15 at 08:29
  • @Paulw11 I would like to hope not. iOS 9.0 IS the version on the simulators and 9.0.2 on iphone. I only have a the one info.plist as I am aware – Vaishal Patel Oct 02 '15 at 13:33
  • i just downloaded Xcode 7.1 beta 2 and loaded an existing app with ATS disabled and it worked fine. I am using the `NSAllowsArbitraryLoads` key – Paulw11 Oct 03 '15 at 07:50
  • Hey @Paulw11 thanks for your help, I have managed to solve it now. I just created a custom new plist for what I needed and this is working. – Vaishal Patel Oct 06 '15 at 12:37

1 Answers1

5

If you want to disable ATS, you can just add this to the Info.plist

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

And when you're finished working on your app, you can re enable it and go granular with whitelisting your domains.

Like this, the first includes all subdomains and the second does not:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>maindomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>other.domain.net</key>
        <dict>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

One added step that you may require if you're testing on simulator, is to both clean the project and reset the content and settings of the simulator, then build and run again.

Nicolas S
  • 5,325
  • 3
  • 29
  • 36
  • First of all thank you for your response, I tried your top suggestion but did not work for me, I am running Xcode 7.1 Beta 2, I shall though try again just to reconfirm. – Vaishal Patel Oct 02 '15 at 08:17
  • Update** have tried your top suggestion again, and true to form it is not working. – Vaishal Patel Oct 02 '15 at 09:21
  • Just in case, did you delete the app from the device and then clean, build and run? – Nicolas S Oct 02 '15 at 13:47
  • yes! did that and also reset simulator. Got it working now, thanks. – Vaishal Patel Oct 06 '15 at 12:36
  • @VaishalPatel great ! I've added a note on the answer about that for further notice, and if you got it working please select an answer as correct so the question is closed :) – Nicolas S Oct 06 '15 at 17:49