-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 15, 2016 2:01 AM (in response to LaddVanTOl)Should we expect this to work for UIWebView […], or is the support only available for WKWebView?
Yes. Originally
NSAllowsArbitraryLoadsInWebContent
was only spec’d to support WKWebView. The support for UIWebView is a post-WWDC addition (r. 26903639). I’m now off to update my pinned post to mention that (-:I was testing this in my app with the iOS 10 simulator (Xcode 8, beta 5), and was not able to get UIWebView to function properly on non-ATS compliant hosts -- I get an error like so:
2016-08-12 11:20:59.666 eBay[2528:1559544] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
I tested
NSAllowsArbitraryLoadsInWebContent
with UIWebView accessing a plain HTTP site and it worked for me (like you, in the Xcode 8.0b5 simulator). I suspect that this issue might be site specific. Can you post the URL that’s causing problems?Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
LaddVanTOl Aug 16, 2016 3:40 PM (in response to eskimo)Yes, the URL is
https://scgi.ebay.com/ws/eBayISAPI.dll?FYPShow
I'm downloading beta 6 now to see if anything has changed.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 17, 2016 1:31 AM (in response to LaddVanTOl)I took my UIWebView test app, changed the ATS dictionary to set just
NSAllowsArbitraryLoadsInWebContent
, and then pointed the app at that URL. I then set a breakpoint on-webView:didFailLoadWithError:
and printed the full error:(lldb) po error Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x610000241c50 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://fyp.ebay.com/ EnterUserInfo?&clientapptype=16, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://fyp.ebay.com/EnterUserInfo?& clientapptype=16, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://fyp.ebay.com/EnterUserInfo?& clientapptype=16, NSErrorFailingURLStringKey=https://fyp.ebay.com/EnterUserInfo?& clientapptype=16, _kCFStreamErrorDomainKey=3}
Note the failing URL,
https://fyp.ebay.com
. SoNSAllowsArbitraryLoadsInWebContent
is working for the initial URL but failing for this one.Poking at that server with
TLSTool
I see the following:$ TLSTool s_client -connect fyp.ebay.com:443 * input stream did open * output stream did open * output stream has space * protocol: TLS 1.0 * cipher: RSA_WITH_RC4_128_MD5 * trust result: unspecified * certificate info: * 0 + rsaEncryption 2048 sha256-with-rsa-signature 'fyp.ebay.com' * 1 + rsaEncryption 2048 sha256-with-rsa-signature 'Symantec Class 3 Secure Server CA - G4' * 2 rsaEncryption 2048 sha1-with-rsa-signature 'VeriSign Class 3 Public Primary Certification Authority - G5' ^C
Oi vey! That cypher suite,
RSA_WITH_RC4_128_MD5
, is chock full of obsolete and insecure protocols (RC4, MD5, no forward secrecy).My guess as to what’s happening here is that
NSAllowsArbitraryLoadsInWebContent
has disabled most, but not all, of the ATS checks for UIWebView. So you can load plain text sites, and sites with other problems (for example,scgi.ebay.com
doesn’t support forward secrecy), but either RC4 or MD5 is still tripping it up. Please file a bug about this, then post your bug number here, just for the record.The obvious workaround would be to continue to use
NSAllowsArbitraryLoads
until this problem is resolved.You should also contact the site owner: the level of security for that site is way below what I would expect to see on the modern Internet.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
LaddVanTOl Aug 17, 2016 3:09 PM (in response to eskimo)Thanks for the very helpful answer. Bug filed here:
rdar://27892687
As noted in the bug, WKWebView appears to silently fail in this scenario, while UIWebView errors.
Agreed on the security settings -- I will separately pursue getting that fixed.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
AlexeyB86 Oct 13, 2016 8:46 AM (in response to LaddVanTOl)This issue is also critical for our app.
How to track it? Cannot find it in Apple's bug tracker.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Oct 14, 2016 1:06 AM (in response to AlexeyB86)This issue is also critical for our app. How to track it? Cannot find it in Apple's bug tracker.
Indeed. Bug Reporter will only let you see the status of requests that you file. What you can do here is file your own request and specifically ask for it to be dup’d to 27892687. You’ll then be able to see the status of that bug (and by “status” I mean the open and closed state, not any of the details).
I just took a look at 27892687 myself and it looks like it’s making real progress, although at this point it’s unlikely to catch the iOS 10.1 bus.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
rex-remind101 Dec 13, 2016 11:11 AM (in response to eskimo)Apple is poised to reject apps that have `NSAllowsArbitraryLoads` in a few weeks. If this isn't fixed yet then it's going to cause a lot of problems. Do you know if it will be ready before January?
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Dec 14, 2016 1:23 AM (in response to rex-remind101)Do you know if it will be ready before January?
With regards the specific issue I mentioned above (r. 27892687), see my Nov 1 post later in this thread.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
-
-
-
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
nmcc Aug 19, 2016 8:05 AM (in response to eskimo)Hey guys,
Any update on this @Eskimo? I'm facing the issue with Xcode 8 Beta 6 for most of the requests that are non-ATS compliant.
Regards.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 22, 2016 2:15 AM (in response to nmcc)Any update on this @Eskimo?
From my perspective I’ve taken this about as far as I can:
AFAICT this is a bug in the implementation of
NSAllowsArbitraryLoadsInWebContent
.LaddVanTOl has already filed a bug about it (r. 27,892,687).
The workaround is to stick with
NSAllowsArbitraryLoads
until ATS Engineering fixes that bug.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
nmcc Aug 22, 2016 3:07 AM (in response to eskimo)Thanks mate. Since beta 7 has been release, I will debug with this new version and hope it has been fixed. Anyway, i'll give feedback as soon as I finish testing so other developers know the current status.
PS: Bug still not fixed with new Beta 7
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 23, 2016 1:36 AM (in response to nmcc)Oh, one more thing here. The specific cypher suite I mentioned above (
RSA_WITH_RC4_128_MD5
) should not work at all on iOS 10 because we’ve disabled RC4 entirely (as mentioned in WWDC 2016 Session 706 What’s New in Security). I suspect what’s going on here is that the server is choosing an RC4-based cypher suite if the client offers it, but choosing some other suite otherwise, and that this other suite is falling afoul of the forward secrecy problem that LaddVanTOl noticed.Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
-
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
LaddVanTOl Aug 22, 2016 12:06 PM (in response to eskimo)@eskimo:
It appears that the webview in this case is mandating Forward Secrecy by only advertising ECDHE ciphers. This seems overly restrictive, given that NSAllowsArbitraryLoadsInWebContent is turned on.
WireShark capture from iOS 10 beta 6 device below, with a UIWebView attempting to load fyp.ebay.com.
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
My case should work if the additional non-ECDHE ciphers were available:
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
mike.wottle Nov 29, 2016 4:46 PM (in response to LaddVanTOl)Seeing similar behaviour and probable related - will have to check out the newest Beta. Had to ask though - this can't be *the* LAdd Van Tol, can it? Of VMUGM fame? (I hope it is, otherwise I just sound like an idiot).
-
-
-
-
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
kumar.pavan Aug 24, 2016 7:33 PM (in response to LaddVanTOl)How about support for iOS9 UIWebviews?
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 25, 2016 1:20 AM (in response to kumar.pavan)How about support for iOS9 UIWebviews?
Check out the App Transport Security pinned post. In addition to a whole bunch of other info, it has a link to the current pre-release documentation, and that documentation specifically covers ATS, App Review and backwards compatibility.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
chocoyama Aug 30, 2016 8:07 PM (in response to eskimo)We have some questions about ATS.
First, is this setting OK in iOS9 and iOS10 to access 'HTTP' contents with 'UIWebview'?
<key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoadsInWebContent</key> <true/> <key>NSAllowsArbitraryLoads</key> <true/> </dict>
Second, do we have to justify the setting as this document says?
> Your use of certain App Transport Security (ATS) keys triggers additional App Store review for your app, and requires you to provide justification. These keys are:
> ・NSAllowsArbitraryLoads
> ・NSExceptionAllowsInsecureHTTPLoads
> ・NSExceptionMinimumTLSVersion
Third, can we continue to use the setting in future ( 2017~ ) ?
thanks.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Aug 31, 2016 2:09 AM (in response to chocoyama)First, is this setting OK in iOS9 and iOS10 to access 'HTTP' contents with 'UIWebview'?
That depends on what you mean by “OK”:
If you’re asking whether it will work, I expect so but the reality is that you should test it.
If you’re asking whether it will pass App Review, that’s not something I can give a definitive answer to. I don’t work for App Review and can’t speak on their behalf.
Second, do we have to justify the setting as this document says?
Again, you’re asking about App Review policy, which isn’t something I can speak to. However, I should point out that the pre-release doc you linked to covers the backward compatibility issue (in the
NSAllowsArbitraryLoadsInWebContent
row in Table 2).Third, can we continue to use the setting in future ( 2017~ ) ?
I can’t talk about the future beyond what we’ve actually announced.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
chocoyama Sep 12, 2016 6:59 PM (in response to eskimo)Thank you for the reply.
We verified NSAllowsArbitraryLoadInWebContent setting behavior.
Now we can load "http" content in UIWebView with NSAllowsArbitraryLoadInWebContent setting.
But in this setting, if we use NSURLSession, cannot load http resources.
So, please let me ask two additional question .
1
Does this specification will continue in the future?
2
If we use NSURLSeesion with NSAllowsArbitraryLoadsInWebContent setting after 2017, must we use NSURLSession "https" resources only?
thanks.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Sep 13, 2016 1:39 AM (in response to chocoyama)But in this setting, if we use NSURLSession, cannot load http resources.
Indeed.
1 Does this specification will continue in the future?
I would expect so.
NSAllowsArbitraryLoadsInWebContent
was specifically designed to allow arbitrary loads in a web view only. It does not affect loads via NSURLSession. If you want to allow arbitrary loads in NSURLSession, setNSAllowsArbitraryLoads
.2 If we use NSURLSeesion with NSAllowsArbitraryLoadsInWebContent setting after 2017, must we use NSURLSession "https" resources only?
No. You can use
NSAllowsArbitraryLoads
as I mentioned above, with the caveat that you must justify that use to App Review. My App Transport Security pinned post has more on this, including a link to the documentation that specifically addresses the App Review side of things.Personally, if I were in your shoes I’d simply switch to ATS-compatible HTTPS. It’s best for your users and avoids any App Review entanglements.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
alexie.ursache Sep 21, 2016 9:08 AM (in response to eskimo)Hi Eskimo,
Thanks for all the info you've posted here but I also have a problem which I tried to solve since the first Xcode 8 beta release.
We have an app that's using a WebView for SSO and it's not fully ATS compatible as follows:
TLSTool s_client -connect sampledomain.com:443
returns:
* protocol: TLS 1.0
* cipher: RSA_WITH_3DES_EDE_CBC_SHA
I tried unsuccessfully to use NSAllowsArbitraryLoadsInWebContent and based on the LaddVanTOl comment it looks like the RSA_WITH_3DES_EDE_CBC_SHA is not in the list of ciphers supporting FS nor accepted as part of NSExceptionRequiresForwardSecrecy
A workaround is to use a NSExceptionDomains:
<key>sampledomain.com</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSTemporaryExceptionMinimumTLSVersion</key> <string>TLSv1.0</string> </dict>
but I was wondering if the NSAllowsArbitraryLoadsInWebContent fix will allow all ciphers not suporting FS
as well as TLSv1.0?
We've also used WKWebView and the error was the same as in WebView._kCFStreamErrorDomainKey:3
_kCFStreamErrorCodeKey:-9824
NSLocalizedDescription:An SSL error has occurred and a secure connection to the server cannot be made
Thanks for your time.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Sep 22, 2016 1:05 AM (in response to alexie.ursache)In speaking with the ATS team it’s clear that they intend
NSAllowsArbitraryLoadsInWebContent
to allow arbitrary loads, that is, it should completely disable ATS for all resources loaded by the web view, including resources loaded indirectly (for example, resources loaded by the media subsystem as part of movie playback within the web view). I can’t guarantee that it works in all possible cases, but if it doesn’t then that’s bugworthy.With regards your specific case I expect
NSAllowsArbitraryLoadsInWebContent
to encompass both the forward secrecy and TLS version exceptions. If that’s not working then it’s something I’d like to look at in more depth.Is the server you’re talking to on the wider Internet? If so, can you post the URL? If not, you should open a DTS tech support incident and we can take this offline.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
saranya_siva Oct 26, 2016 3:31 AM (in response to eskimo)Hi Eskimo,
We have web-browser kind of iOS application. WKWebview is used for building the browser. App Transport Security specification looks like below
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
...
</dict>
But I am facing issues with many websites in iOS 10. Eg. https://search.norton.com. I just verified using nscurl and found that Perfect Forward Secrecy is not enabled for this website.
Is NSAllowsArbitraryLoadsInWebContent expected to behave this way ? Not loading sites which does not support forward secrecy.
What is the best approach in ATS for application with web browser which needs load almost all the URLs?
Thanks in advance
Saranya Sivanandham
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Oct 27, 2016 1:02 AM (in response to saranya_siva)Is NSAllowsArbitraryLoadsInWebContent expected to behave this way?
I thought I was pretty clear about this in my post on 22 Sep. To recap:
NSAllowsArbitraryLoadsInWebContent
should allow arbitrary loads in a web view.If that’s not working for some specific sites, you should file a bug about it.
A number of developers have already filed bugs like this and ATS Engineering is actively working to fix them. AFAIK none of those fixes went into 10.1 but you should definitely re-test on any post-10.1 seeds that we might make in the future.
The only workaround to such problems right now is to eschew
NSAllowsArbitraryLoadsInWebContent
and stick withNSAllowsArbitraryLoads
.Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
-
-
-
-
-
-
-
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Nov 1, 2016 1:14 AM (in response to LaddVanTOl)I just took a look at 27892687 myself and it looks like it’s making real progress, although at this point it’s unlikely to catch the iOS 10.1 bus.
27892687 is reported as fixed in the current 10.2 beta seed (14C5062e). If you were previously having problems with
NSAllowsArbitraryLoadsInWebContent
, please try again on that seed and, if you still see problems, please file a bug and post the bug number here.Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
audible59 Nov 3, 2016 11:23 AM (in response to eskimo)Mr. Eskimo, I am still experiencing problems with NSAllowsArbitraryLoadsInWebContent. I have filed an Apple Radar, here is the Bug ID: 29093259.
Thanks,
Kevin
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Nov 4, 2016 1:48 AM (in response to audible59)I am still experiencing problems with
NSAllowsArbitraryLoadsInWebContent
.Bummer.
I have filed an Apple Radar, here is the Bug ID: 29093259.
Thanks.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
-
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
chris.hoff Jan 27, 2017 7:05 AM (in response to LaddVanTOl)Same here, filed bug 30233586
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
dloic Jan 27, 2017 1:25 PM (in response to chris.hoff)Hi,
We're having a similiar issue on iOS 10.0 or 10.2 with a website loaded with HTTPS in WKWebview. Surprinsingly, removing the key NSAllowsArbitraryLoadsInWebContent and keeping only NSAllowsArbitraryLoads does not solve the issue.
Loading the same URL in Safari is working fine.
We did filed a bug too: 30239888
Thanks.
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
eskimo Jan 29, 2017 4:09 PM (in response to dloic)chris.hoff wrote:
Same here, filed bug 30233586
Please test this with the latest iOS 10.3 beta; AFAICT it works there.
btw
NSAllowsArbitraryLoadsInWebContent
was fixed to allow servers that don’t support forward secrecy in 10.2. The problem you’re having is that your server only supports TLS 1.0. That’s something you really need to fix on the server side; TLS 1.0 is very worrisome security-wise.dloic wrote:
We did filed a bug too: 30239888
On 10.2 I see the same failure as you do. On the latest 10.3 beta I don’t see that failure, but the page still doesn’t load, even when I remove
NSAllowsArbitraryLoadsInWebContent
and setNSAllowsArbitraryLoads
. I believe there are bigger problems afoot here.Also, your server has secure and pay in the name, but uses 3DES; that’s quite worrisome as well.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: NSAllowsArbitraryLoadsInWebContent in UIWebView
dloic Apr 3, 2017 1:51 PM (in response to eskimo)Hi,
I can confirm with public release 10.3 the issue is solved. WKWebview is properly using NSAllowsArbitraryLoads and NSAllowsArbitraryLoadsInWebContent flags.
Thanks!
-
-
-