Skip to content

App Transport Security

Jump to bottom Edit New page
Eric Marchand edited this page Oct 18, 2016 · 1 revision

On iOS 9 and OS X v10.11, you need to ensure you use https://, because iOS 9 and OS X v10.11 do not like apps sending or receiving data insecurely.

If this something you want to override edit your info.plist:

  • If you use UIWebView or WKWebView, you can use this code below to enable HTTP content inside those specific components:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key><true/>
</dict>

Starting in iOS 10.0 and later and in macOS 10.12 and later, you can just authorize web content:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key><true/>
</dict>
  • Or you can add an exception for a website
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>urlOfTheWebsiteYouXantToAuthorize.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

ℹ️ If you add any exceptions you are required to explain them to the app review team when you submit your app to the App Store.

[![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat 
](http://mit-license.org) [![Platform](http://img.shields.io/badge/platform-iOS_OSX_TVOS-lightgrey.svg?style=flat
](https://developer.apple.com/resources/) [![Language](http://img.shields.io/badge/language-swift-orange.svg?style=flat
](https://developer.apple.com/swift)
Add a custom sidebar

Clone this wiki locally