Lê Khánh Vinh Lê Khánh Vinh - 22 days ago 21
iOS Question

App TranSport security, allow arbitrary load not working after upgrade to IOS 10.1

Hi I have an app that works fine in ios 9 and 10.0 (I have add the App Transport Security blocking with “Allow Arbitrary Loads = YES” to my info.plist. But after upgrade to 10.1 and Xcode 8.1 there seem to be a problem with the App Transport Security. I can not connect to server. My server only support up to TLS 1.1

Showing this error

Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.


May be IOS 10.1 ignore the .plist info. Any one has this problem? Any help is much appreciate. Thanks (Note. On 9.3 till 10.0 still working fine)

My .plist file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleDisplayName</key>
<string>SingPost</string>
<key>CFBundleExecutable</key>
<string>${EXECUTABLE_NAME}</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>${PRODUCT_NAME}</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>1.8.7</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>fb1540614276180366</string>
</array>
<key>Item 0</key>
<string>fb1540614276180366</string>
</dict>
</array>
<key>CFBundleVersion</key>
<string>1.8.7</string>
<key>FacebookAppID</key>
<string>1540614276180366</string>
<key>FacebookDisplayName</key>
<string>Singpost</string>
<key>LSRequiresIPhoneOS</key>
<true/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>prdesb1.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
<key>NSCameraUsageDescription</key>
<string>$(PRODUCT_NAME) camera use</string>
<key>NSLocationAlwaysUsageDescription</key>
<string> </string>
<key>NSLocationWhenInUseUsageDescription</key>
<string> </string>
<key>NSPhotoLibraryUsageDescription</key>
<string>$(PRODUCT_NAME) uses photos</string>
<key>UIAppFonts</key>
<array>
<string>OpenSans-Regular.ttf</string>
<string>OpenSans-Bold.ttf</string>
<string>OpenSans-Semibold.ttf</string>
<string>OpenSans-Light.ttf</string>
<string>OpenSans-LightItalic.ttf</string>
</array>
<key>UIBackgroundModes</key>
<array>
<string>remote-notification</string>
</array>
<key>UIRequiredDeviceCapabilities</key>
<array>
<string>armv7</string>
</array>
<key>UIRequiresFullScreen</key>
<true/>
<key>UISupportedInterfaceOrientations</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
<key>UISupportedInterfaceOrientations~ipad</key>
<array>
<string>UIInterfaceOrientationPortrait</string>
</array>
</dict>
</plist>


I fix my add exeptiondomain but have this error in console

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) –


Edit from suggestion. I change my plist to

<key>mobile.singpost.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mysam.sg</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>

Answer

By specifying NSAllowsArbitraryLoadsInWebContent, you are overriding NSAllowsArbitraryLoads on iOS 10.

In iOS 10 and later, and macOS 10.12 and later, the value of [the NSAllowsArbitraryLoads] key is ignored if any of the following keys are present in your app’s Info.plist file:

  • NSAllowsArbitraryLoadsForMedia
  • NSAllowsArbitraryLoadsInWebContent
  • NSAllowsLocalNetworking

Source: App Transport Security dictionary primary keys (Apple)

Additionally, the NSExceptionDomain dictionaries you have provided don't seem to match the current documented format. Specifically, the keys don't match:

  • NSTemporaryExceptionAllowsInsecureHTTPLoads should be NSExceptionAllowsInsecureHTTPLoads

  • NSTemporaryExceptionMinimumTLSVersion should be NSExceptionMinimumTLSVersion

  • NSTemporaryExceptionRequiresForwardSecrecy should be NSExceptionRequiresForwardSecrecy