App Transport Security has blocked a cleartext HTTP

Question

truweight OP

Created Oct ’15

Replies 6

Boosts 0

Views 15k

Participants 5

Please anyone suggest how to disable HTTPS security blocking in my MAC OS 10.10.5

Below error is occured>

Error in updateInfoFromServer: Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7f9d92e41250 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSErrorFailingURLStringKey=http://10.2.195.167:9000/m/ios/client/getFoodListCountIOS, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLKey=http://10.2.195.167:9000/m/ios/client/getFoodListCountIOS}}, NSErrorFailingURLStringKey=http://10.2.195.167:9000/m/ios/client/getFoodListCountIOS, NSErrorFailingURLKey=http://10.2.195.167:9000/m/ios/client/getFoodListCountIOS, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.} The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

Please anyone help.

Boost

Answer 1

truweight OP

Oct ’15

I'm using local ip address to access my webservices.

Please help me

0

Answer 2

DTS Engineer OP

Apple

Oct ’15

First up, I’ve moved your thread to Core OS > Networking because this is more about networking than Objective-C.

Next, you wrote:

Please anyone suggest how to disable HTTPS security blocking in my MAC OS 10.10.5

This makes no sense to me. App Transport Security (ATS) is a feature of iOS 9 and OS X 10.11, so it should have no effect on 10.10.x.

Regardless, I recommend you start by reading the ATS documentation, namely, the App Transport Security Technote. If you’re still having problems after that, please post back with more details.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

0

Answer 3

toastedtoad OP

Dec ’15

I have encountered the same problem with an App.

Adding the plist exemptions seems to have no effect on my OSX App, works great on iOS. Even turning TLS off entirely does NOT solve this problem

I am using XCode 7.2 on OSX 10.11.2.

Please advise, this is currently blocking release.

<key>NSAppTransportSecurity</key>

<dict>

<key>NSAllowsArbitraryLoads</key>

<true/>

<key>NSExceptionDomains</key>

<dict>

<key>apmex.com</key>

<dict>

<key>NSIncludesSubdomains</key>

<true/>

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

<true/>

<key>NSTemporaryExceptionMinimumTLSVersion</key>

</dict>

<dict>

<key>NSIncludesSubdomains</key>

<true/>

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

<true/>

<key>NSTemporaryExceptionMinimumTLSVersion</key>

</dict>

<key>saintsoftware.blogspot.com</key>

<dict>

<key>NSIncludesSubdomains</key>

<true/>

<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>

<true/>

<key>NSTemporaryExceptionMinimumTLSVersion</key>

</dict>

0

Answer 4

DTS Engineer OP

Apple

Dec ’15

Your ATS dictionary doesn’t make any sense. If you set

NSAllowsArbitraryLoads

to true then there’s no point adding an exception domain that sets

NSTemporaryExceptionAllowsInsecureHTTPLoads

to true. That’s because, when ATS evaluations a request, it first looks at the exception dictionary to see if there’s a match. If it finds one, it uses the settings there (and only the settings there), otherwise it checks

NSAllowsArbitraryLoads

. So, if

NSAllowsArbitraryLoads

is true then the only reason to have an exception domain is to tighten security for that domain.

Regardless, I recommend that you first check that ATS is the actual problem. To to this, use a dictionary like this:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

That completely disables ATS, so if things still fail then you know you have some other issue.

Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

DTS will close for the winter holidays at the end of business on Wed, 23 Dec 2015 and re-open on Mon, 4 Jan 2016.

0

Answer 5

ZaurM OP

Nov ’20

Try this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsLocalNetworking</key>
<true/>
</dict>

0

Answer 6

timsonner OP

Jul ’21

I was getting the error: "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection."

I realized the compiler was complaining about a parameter I had specified on a URLComponents object. The URLComponents object's .scheme paramater was set as "http", so I changed it to "https" and voila error goes away. Maybe somewhere in your url object, there is an "http", and the compiler wants "https". Hope this helps.

Also, make sure if you haven't already added the dictionary "App Transport Security Settings" to your main app targets info, inside this dictionary there should be a boolean value "Allows Arbitrary Loads", it's value should be set to "YES"

This was done on XCode 13 beta 1

0