Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Objective-C How can I add NSAppTransportSecurity to my info.plist file?

Thread Rating:
  • 285 Vote(s) - 3.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
How can I add NSAppTransportSecurity to my info.plist file?

Offline Sirpatrol2


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-21-2023, 08:26 PM

[To see links please register here]

@5:55

I can't seem to be able to add this to my info.plist. There is no value it. I'm running XCode Version 7.0 beta (7A121l), and testing on iOS9.

Because I can't specifically declare what URL's I want as seen in the video, I keep getting "App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file" errors.

However, I don't seem to be able to configure it. Any ideas?
Reply

Offline garlandq


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-21-2023, 08:39 PM
try With this --- worked for me in Xcode-beta 4 7.0

<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourdomain.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>

Also one more option, if you want to disable ATS you can use this :

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>

But this is not recommended at all. The server should have the SSL certificates and so that there is no privacy leaks.
Reply

Offline picara915467


Member
*
Member
Posts: 0
Threads: 0
Joined: Sep 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-21-2023, 08:51 PM
Just to clarify ...
You should always use httpS

But you can bypass it adding the exception:

[![enter image description here][1]][1]


[1]:
Reply

Offline peracid397


Member
*
Member
Posts: 0
Threads: 0
Joined: Mar 2018
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-21-2023, 09:03 PM
That wasn't working for me, but this did the trick:

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
Reply

Offline ludovicoftgmejgkcg


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jan 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-21-2023, 09:12 PM
You have to add just the NSAllowsArbitraryLoads key to YES in NSAppTransportSecurity dictionary in your info.plist file.

For example,

<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>

[![enter image description here][1]][1]


[1]:
Reply

Offline sororate971


Member
*
Member
Posts: 0
Threads: 0
Joined: Nov 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#6
07-21-2023, 09:30 PM
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>com</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
<key>net</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
<key>org</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
This will allow to connect to .com .net .org
Reply

Offline facials588735


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jan 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#7
07-21-2023, 09:48 PM

**Update Answer (after wwdc 2016):**

IOS apps will require secure HTTPS connections by the end of 2016

App Transport Security, or ATS, is a feature that Apple introduced in iOS 9. When ATS is enabled, it forces an app to connect to web services over an HTTPS connection rather than non secure HTTP.

However, developers can still switch ATS off and allow their apps to send data over an HTTP connection as mentioned in above answers. At the end of 2016, Apple will make **ATS mandatory** for all developers who hope to submit their apps to the App Store. [link][1]


[1]:

[To see links please register here]

Reply

Offline assentatious946372


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Jan 2022
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#8
07-21-2023, 09:52 PM
To explain a bit more about ParaSara's answer: App Transport security _will_ become mandatory and trying to turn it off may get your app rejected.

As a developer, you can turn App Transport security off if your networking code doesn't work with it, and you want to continue other development before fixing any problems. Say in a team of five, four can continue working on other things while one fixes all the problems. You can also turn App Transport security off as a debugging tool if you have networking problems and you want to check if they are caused by App Transport security. As soon as you know you should turn it on again immediately.

The solution that you _must_ use in the future is not to use http at all, unless you use a third party server that doesn't support https. If your own server doesn't support https, Apple will have a problem with that. Even with third party servers, I wouldn't bet that Apple accepts it.

Same with the various checks for server security. At some point Apple will only accept justifiable exceptions.

But mostly, consider this: You are endangering the privacy of your customers. That's a big no-no in my book. Don't do that. Fix your code, don't ask for permission to run unsafe code.
Reply

Offline shareship895751


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#9
07-21-2023, 10:07 PM
One bad news for developers using NSAppTransportSecurity.

UPDATE:
[Apple will require HTTPS connections for iOS apps by the end of 2016]

[To see links please register here]

Reply

Offline brunhilde386


Member
*
Member
Posts: 0
Threads: 0
Joined: Mar 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#10
07-21-2023, 10:26 PM
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>uservoice.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>

Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through