How to disable (ATS) Application Transport Security on Xcode 7


With the launch of iOS 9, Apple added a new level of security for communication of app and its web services. If you are creating any connection using NSURLConnection or NSURLSession in iOS 9 then you will need to use “App transport security (ATS)”, which will reject any insecure connections.

iOS 9 released has “App Transport Security” which encourages developers to use https instead of http.

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.

To ignore all app transport security restrictions, add following key in your app’s Info.plist file.

<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

ATS.png

 

Also, You can add exceptions for specific domains in your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSExceptionDomains</key>
    <dict>
        <key><!-- your_remote_server.com / localhost --></key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    <!-- add more domain here -->
    </dict>
</dict>
ATS#2.png

P.S.
See Apple’s Info.plist reference for full details

Advertisements