Home The resource could not be loaded because the App Transport Security policy requires the use of a secure connection
Reply: 16

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection

Manab Kumar Mal
1#
Manab Kumar Mal Published in 2015-09-17 13:11:51Z

I am facing the Problem when I have updated my Xcode to 7.0 or iOS 9.0. Somehow it started giving me the Titled error

"The resource could not be loaded because the App Transport Security policy requires the use of a secure connection"

Webservice Method:

-(void)ServiceCall:(NSString*)ServiceName :(NSString *)DataString
{
NSURLSessionConfiguration *sessionConfiguration = [NSURLSessionConfiguration defaultSessionConfiguration];
    [sessionConfiguration setAllowsCellularAccess:YES];
    [sessionConfiguration setHTTPAdditionalHeaders:@{ @"Accept" : @"application/json" }];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfiguration];

    NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"%@",ServiceURL]];
    NSLog(@"URl %@%@",url,DataString);
    // Configure the Request
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    [request setValue:[NSString stringWithFormat:@"%@=%@", strSessName, strSessVal] forHTTPHeaderField:@"Cookie"];
    request.HTTPBody = [DataString dataUsingEncoding:NSUTF8StringEncoding];
    request.HTTPMethod = @"Post";

    // post the request and handle response
    NSURLSessionDataTask *postDataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error)
                                          {
                                              // Handle the Response
                                              if(error)
                                              {
                                                  NSLog(@"%@",[NSString stringWithFormat:@"Connection failed: %@", [error description]]);

                                                  // Update the View
                                                  dispatch_async(dispatch_get_main_queue(), ^{

                                                      // Hide the Loader
                                                      [MBProgressHUD hideHUDForView:[[UIApplication sharedApplication] delegate].window animated:YES];


                                                  });
                                                  return;
                                              }
                                              NSArray * cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:request.URL];
                                              for (NSHTTPCookie * cookie in cookies)
                                              {
                                                  NSLog(@"%@=%@", cookie.name, cookie.value);
                                                  strSessName=cookie.name;
                                                  strSessVal=cookie.value;

                                              }

                                              NSString *retVal = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}];
[postDataTask resume];

}

The service is Running fine for Xcode earlier versions and iOS previous versions But when I have updated to Xcode 7.0 that is on iOS 9.0, it started to give me the Problem like following when I am calling the above web service method. The Logged Error which I am getting is:

Connection failed: Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fada0f31880 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=MyServiceURL, NSErrorFailingURLKey=MyServiceURL, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}

I have tried Following Questions and answers but did not get any result there, is there any advance idea how I can remove that service call error?

  1. The resource could not be loaded is ios9
  2. App Transport Security Xcode 7 beta 6
  3. https://stackoverflow.com/a/32609970
Community
2#
Community Reply to 2017-05-23 11:54:59Z

I have solved it with adding some key in info.plist. The steps I followed are:

  1. Opened my Projects info.plist file

  2. Added a Key called NSAppTransportSecurity as a Dictionary.

  3. Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.

Clean the Project and Now Everything is Running fine as like before.

Ref Link: https://stackoverflow.com/a/32609970

EDIT: OR In source code of info.plist file we can add that:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
       </dict>
  </dict>
pierre23
3#
pierre23 Reply to 2015-09-22 16:43:21Z

You just need to use HTTPS and not HTTP in your URL and it will work

Mihir Oza
4#
Mihir Oza Reply to 2016-03-02 08:16:24Z

iOS 9 (may) force developers to use App Transport Security exclusively. I overheard this somewhere randomly so I don't know whether this is true myself. But I suspect it and have come to this conclusion:

The app running on iOS 9 will (maybe) no longer connect to a Meteor server without SSL.

This means running meteor run ios or meteor run ios-device will (probably?) no longer work.

In the app's info.plist, NSAppTransportSecurity [Dictionary] needs to have a key NSAllowsArbitraryLoads [Boolean] to be set to YES or Meteor needs to use https for its localhost server soon.

Cœur
5#
Cœur Reply to 2017-06-30 13:37:18Z

Transport security is provided in iOS 9.0 or later, and in OS X v10.11 and later.

So by default only https calls only allowed in apps. To turn off App Transport Security add following lines in info.plist file...

<key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
  </dict>

For more info:
https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33

Avinash651
6#
Avinash651 Reply to 2015-10-08 06:04:51Z

I have solved as plist file.

Add a NSAppTransportSecurity : Dictionary.

Add Subkey named " NSAllowsArbitraryLoads " as Boolean : YES

Esqarrouth
7#
Esqarrouth Reply to 2017-06-06 13:15:53Z

Be aware, using NSAllowsArbitraryLoads = true allows all connection to any server to be insecure. If you want to make sure only a specific domain is accessible through an insecure connection, try this:

Or, as source code:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>domain.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

Clean & Build project after editing.

Alvin George
8#
Alvin George Reply to 2015-11-18 10:09:19Z

In Xcode 7.1 onwards(swift 2.0)

Mr. Bean
9#
Mr. Bean Reply to 2017-02-27 06:54:17Z

For iOS 10.x and Swift 3.x [below versions are also supported] just add the following lines in 'info.plist'

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
Gordonium
10#
Gordonium Reply to 2016-03-15 14:08:12Z

I managed to solve this with a combination of many of the mentioned options. I’ll include a checklist of all of the things I had to do to get this to work.

In short:

  1. Set NSAllowsArbitraryLoads to true for my watch extension (not my watch app).
  2. Ensure I was using https and not http.

Step one:

Firstly and most obviously I had to add an NSAppTransportSecurity key as a dictionary in my watch extension’s info.plist with a subkey called NSAllowsArbitraryLoads as a boolean set to true. Only set this in the watch extension and not the watch app’s plist. Although take note that this allows all connections and could be insecure.

or

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Step two:

Then I had to make sure that the url I was trying to load was https and not just http. For any urls that were still http I used:

Swift:

let newURLString = oldURLString.stringByReplacingOccurrencesOfString("http", withString: "https")

Obj-C:

NSString *newURLString = [oldURLString stringByReplacingOccurrencesOfString:@“http” withString:@“https”];

CyrIng
11#
CyrIng Reply to 2016-04-13 07:47:49Z

I have solved this issue in the case of a self hosted parse-server using a one year signed certificate rather than the option "NSAllowsArbitraryLoads"

Parse Server as any node.js server presents a public https url that you have to specify. For instance:

parse-server --appId --masterKey --publicServerURL https://your.public.url/some_nodejs

Feel free to give a look to my configuration files

Anit Kumar
12#
Anit Kumar Reply to 2016-10-28 07:22:58Z

If you are using Xcode 8.0 and swift 3.0 or 2.2

Ashok R
13#
Ashok R Reply to 2016-11-16 05:38:07Z

From Apple documentation

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.

To Bypass App Transport Security:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

To allow all insecure domains

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

Read More: Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11

MrWaqasAhmed
14#
MrWaqasAhmed Reply to 2017-10-12 10:25:57Z

If you are not a big fan of XML, then just add below tag in your plist file.

Md Imran Choudhury
15#
Md Imran Choudhury Reply to 2017-10-20 16:55:39Z

If you are using Xcode 8.0 to 8.3.3 and swift 2.2 to 3.0

In my case need to change in URL http:// to https:// (if not working then try)

Add an App Transport Security Setting: Dictionary.
Add a NSAppTransportSecurity: Dictionary.
Add a NSExceptionDomains: Dictionary.
Add a yourdomain.com: Dictionary.  (Ex: stackoverflow.com)

Add Subkey named " NSIncludesSubdomains" as Boolean: YES
Add Subkey named " NSExceptionAllowsInsecureHTTPLoads" as Boolean: YES

Najam
16#
Najam Reply to 2017-11-15 08:33:06Z

Open your pList.info as Source Code and at bottom just before </dict> add following code,

 <!--By Passing-->
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>your.domain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>1.0</string>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>
    <!--End Passing-->

And finally change your.domain.com with your base Url. Thanks.

Keshav Gera
17#
Keshav Gera Reply to 2018-01-04 05:11:30Z

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection Working in Swift 4.03

Open your pList.info as Source Code and paste

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.319795 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO