Programmers learn & share
+1 vote
30 views

Problem :

I am troubled by below mentioned strange looking app transport security error
app transport security has blocked a cleartext http (http://) resource load since it is insecure.
by (6.9k points)  
reopened by | 30 views

1 Answer

+1 vote
Best answer

Solution :

This was tested on iOS 9 GM seed. This is the configuration to allow a specific domain to use HTTP instead of HTTPS:

<key>NSAppTransportSecurity</key>
<dict>
      <key>NSAllowsArbitraryLoads</key> 
      <false/>
       <key>NSExceptionDomains</key>
       <dict>
            <key>example.com</key> <!--Include your domain at this line -->
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
       </dict>
</dict>

Note : NSAllowsArbitraryLoads must be false.

As it disallows all insecure connection but the exceptions list allows connection to some domains without HTTPS.

by (36.1k points)  
selected by
2,218 questions
2,683 answers
59 comments
241 users