Monthly Archives: May 2016

Using non-secure web services in iOS

  By John | May 3, 2016 - 9:21 pm | , ,
Leave a comment

As of iOS7ish, if you try to access a normal web site with http:// instead of the more secure https://, you get an error at runtime:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file. To allow any http:// to get through, add the following to your Info.plist file

	<key>NSAppTransportSecurity</key>
	<dict>
		<key>NSAllowsArbitraryLoads</key>
		<true/>
	</dict>

or if you want specific domains to be allowed (example.com in this case):

	<key>NSAppTransportSecurity</key>
	<dict>
		<key>NSExceptionDomains</key>
		<dict>
			<key>example.com</key>
			<dict>
				<key>NSIncludesSubdomains</key>
				<true/>
				<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
				<true/>
				<key>NSTemporaryExceptionMinimumTLSVersion</key>
				<string>TLSv1.1</string>
			</dict>
		</dict>
	</dict>

That being said, its better to use secure web sites when possible.