Skip to content

Instantly share code, notes, and snippets.

@mlynch mlynch/info.plist
Last active Jun 20, 2019

Embed
What would you like to do?
Disable App Transport Security in iOS 9
<!--
This disables app transport security and allows non-HTTPS requests.
Note: it is not recommended to use non-HTTPS requests for sensitive data. A better
approach is to fix the non-secure resources. However, this patch will work in a pinch.
To apply the fix in your Ionic/Cordova app, edit the file located here:
platforms/ios/MyApp/MyApp-Info.plist
And add this XML right before the end of the file inside of the last </dict> entry:
PASTE HERE
</dict>
</plist>
-->
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
@djett41

This comment has been minimized.

Copy link

commented Sep 19, 2015

Thanks Max, I also wanted to note that if you have this after_prepare hook from the Ionic Generator, you could put the following in your config.xml

<platform name="ios">
    <config-file platform="ios" target="*-Info.plist" parent="NSAppTransportSecurity">
        <dict>
            <key>NSAllowsArbitraryLoads</key><true/>
        </dict>
    </config-file>
</platform>
@hammady

This comment has been minimized.

Copy link

commented Sep 19, 2015

Please don't set arbitrary loads to true, this will probably end in the rejection of your app. It is better to add exceptions per domain. Please see this stackoverflow answer: http://stackoverflow.com/a/30732693/441849

@mirkonasato

This comment has been minimized.

Copy link

commented Sep 20, 2015

Hopefully at some point this should be handled by the Cordova whitelist plugin, right?

@tal-moshayov

This comment has been minimized.

Copy link

commented Sep 21, 2015

is there a way to put this code in the config.xml rather than plist? I understand it's best practice not to include the platform folder under source control

@leokrlewis

This comment has been minimized.

Copy link

commented Sep 22, 2015

Thanks this fixed the issue for my app which I simply allow users to specify a website they want to go to nothing more.

@simonprickett

This comment has been minimized.

Copy link

commented Sep 23, 2015

I achieve similar to the suggested hook by using this as an iOS before build step (configured using a hook element in config.xml):

#!/bin/bash

echo "Adjusting plist for App Transport Security exception."
val=$(/usr/libexec/plistbuddy -c "add NSAppTransportSecurity:NSAllowsArbitraryLoads bool true" platforms/ios/MyProject/MyProject-Info.plist 2>/dev/null)
echo "Done"

Doesn't require external dependencies as plistbuddy is already installed. I have to capture the return value of plistbuddy as if the key exists already it will return with an error which stops the Cordova build process which isn't what you want.

@iRoachie

This comment has been minimized.

Copy link

commented Sep 24, 2015

Does not seem to work for me. Still stuck on the splash screen.

@timothydang

This comment has been minimized.

Copy link

commented Sep 25, 2015

agreed with @hammady's comment above. There's a real risk getting rejected by Apple setting NSAllowsArbitraryLoads to true

Try this instead

<key>NSExceptionDomains</key>
  <dict>
    <key>localhost</key>
    <dict>
      <key>NSIncludesSubdomains</key>
      <false/>
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <false/>
      <key>NSExceptionRequiresForwardSecrecy</key>
      <true/>
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.2</string>
      <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
      <false/>
      <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
      <true/>
      <key>NSThirdPartyExceptionMinimumTLSVersion</key>
      <string>TLSv1.2</string>
      <key>NSRequiresCertificateTransparency</key>
      <false/>
    </dict>
  </dict>
@ashconnell

This comment has been minimized.

Copy link

commented Sep 25, 2015

There is no risk of getting rejected by using a public API option. In the future they might make it mandatory but for now its fine.

@rajeshwarpatlolla

This comment has been minimized.

Copy link

commented Sep 26, 2015

After adding the patch into my ionic app, i am always getting an error error: process launch failed: timed out trying to launch app when i try to run ionic run ios --device. If i don't include the patch then i am able to install the app in to the real device successfully, but the api calls are not working because of the transport security (https) issues.

@weexpectedTHIS

This comment has been minimized.

Copy link

commented Oct 2, 2015

Thanks for the work-around but there should be a better way by now!

@camaleo

This comment has been minimized.

Copy link

commented Oct 7, 2015

It works for me: thank you!

@jayrmotta

This comment has been minimized.

Copy link

commented Nov 18, 2015

Although some say not to use arbitrary loads set to true I've faced many problems like pointing to an image on an external host (ssl enabled) that returned an error probably because of the version of ssl or something like that.

Even developers on apple's forums say that the soluction is enabling arbitrary loads: https://forums.developer.apple.com/thread/4988

I'm following @djett41 tip, added that hook to my project and the <dict> and now everything is working. Thanks for that 👍

@TheMattRay

This comment has been minimized.

Copy link

commented Nov 19, 2015

Quick update: it looks like arbitrary loads is now enabled in the latest Ionic. I just did a platform remove and platform add of ios and, after building, the dictionary for this patch was in the plist file. Can someone else confirm this? The changelog has become fairly outdated.

@ZenSide

This comment has been minimized.

Copy link

commented Nov 30, 2015

Following @TheMattRay, using 1.1.1 Ionic version had do the work for me : allowing arbitrary loads by edit of *-Info.plist on iOS build.

@NuruddinBadawi

This comment has been minimized.

Copy link

commented Dec 23, 2015

screen shot 2015-12-23 at 13 48 30

i have like this issue who fix this ?

@amaanr

This comment has been minimized.

Copy link

commented Mar 13, 2016

Please see error log below, not sure what this means. It happens when I call the geolocation event a second time. On app load, it fires and returns the geolocation correctly however.

Mar 12 18:11:12 C02QJA6VG8WP ids_simd[7977]: (Error) IDSSimulatorSupport: <IDSSimSupportLocalServer.m __68-[IDSSimSupportLocalServer setNetworkSimulation:enabled:completion:]_block_invoke:561> message send of data { ControlCmd = SetNetSimulationEnabledCmd; Enabled = 0; ServiceName = "com.apple.private.alloy.sockpuppet.classd"; } failed with error Error Domain=com.apple.idssimualtorsupport.errors Code=2 "(null)" UserInfo={NSUnderlyingError=0x7fa318605870 {Error Domain=NSMachErrorDomain Code=268435459 "(ipc/send) invalid destination port"}} Mar 12 18:11:12 C02QJA6VG8WP companionappd[7983]: (Error) WatchKit: <SPTransport.m __67-[SPTransport service:account:identifier:didSendWithSuccess:error:]_block_invoke:430> __67-[SPTransport service:account:identifier:didSendWithSuccess:error:]_block_invoke identifier (861176EA-8C17-480C-B3D6-2343311CE521), serviceName ((null)), success: 0 error, domain: com.apple.identityservices.error, code: 23 Mar 12 18:11:12 C02QJA6VG8WP sharingd[7988]: 18:11:12.480 : Failed to send SDURLSessionProxy startup message, error Error Domain=com.apple.identityservices.error Code=23 "Timed out" UserInfo={NSLocalizedDescription=Timed out, NSUnderlyingError=0x7ffcdac23440 {Error Domain=com.apple.ids.idssenderrordomain Code=12 "(null)"}} Mar 12 18:11:12 C02QJA6VG8WP companionappd[7983]: (Error) WatchKit: <SPCompanionAppServer.m __75-[SPCompanionAppServer sendProtobuf:sender:timeOut:allowInsecureTransport:]_block_invoke:900> sendProtobuf failed, error : Error Domain=com.apple.identityservices.error Code=23 "Timed out" UserInfo={NSLocalizedDescription=Timed out, NSUnderlyingError=0x7f94d3200ca0 {Error Domain=com.apple.ids.idssenderrordomain Code=12 "(null)"}} Mar 12 18:11:12 C02QJA6VG8WP companionappd[7983]: (Error) WatchKit: <SPTransport.m __67-[SPTransport service:account:identifier:didSendWithSuccess:error:]_block_invoke:430> __67-[SPTransport service:account:identifier:didSendWithSuccess:error:]_block_invoke identifier (BE95B243-9493-44FF-AF82-8A550712C77E), serviceName ((null)), success: 0 error, domain: com.apple.identityservices.error, code: 23 Mar 12 18:11:12 C02QJA6VG8WP companionappd[7983]: (Error) WatchKit: <SPCompanionAppServer.m __75-[SPCompanionAppServer sendProtobuf:sender:timeOut:allowInsecureTransport:]_block_invoke:900> sendProtobuf failed, error : Error Domain=com.apple.identityservices.error Code=23 "Timed out" UserInfo={NSLocalizedDescription=Timed out, NSUnderlyingError=0x7f94d1f00520 {Error Domain=com.apple.ids.idssenderrordomain Code=12 "(null)"}}

@arcreative

This comment has been minimized.

Copy link

commented Apr 13, 2016

Anyone know how to get NSExceptionRequiresForwardSecrecy to false without editing by hand? This is absoludicrous, I keep publishing unusable builds because my *-Info.plist keeps getting wiped out every build...

@arcreative

This comment has been minimized.

Copy link

commented Apr 13, 2016

And for the record, I have it under NSExceptionDomains so I can choose which one is acceptable for now.

@arcreative

This comment has been minimized.

Copy link

commented Apr 13, 2016

@simonprickett's solution is working for me, cheers 🍻

@kittykumas

This comment has been minimized.

Copy link

commented Jul 19, 2016

I tried all above methods with no luck. Please help!
The weirdest part is the xcode keep automatic change all the keys name by itself, I open the info. plist file side by side with xcode view. it shows different entries on the key. xcode keep omit "NS" and add "setting" in the end. Xcode version is 7.3.1
ats_xcode731

@matheusleite

This comment has been minimized.

Copy link

commented May 9, 2017

I don't have success 😢 I have tried everything but my API requests don't work on iOS.

@royken

This comment has been minimized.

Copy link

commented May 18, 2017

same issue with me, this is my code :
$http.get(my.api.com).then(function(response) { console.log("fresh", JSON.stringify(response)); }, function(error) { console.log(error); })
it returns good value on android (emulator and device), on navigators, but not on iOS. It instead return a null value as data and no error is logged

@purnendu91

This comment has been minimized.

Copy link

commented May 19, 2017

@matheusleite and @royken. I am facing the same issue using Ionic. Did you guys find a work around?
For me the http requests work if I start a new project, but does not work for my old projects. Everything works in the old projects except for http requests. I have tried reinstalling the cordova whitelist plugin but no luck. Have been trying to solve this for a few days now. Seems like all went south after the ionic 3 upgrade. :/

@royken

This comment has been minimized.

Copy link

commented May 20, 2017

@purnendu91 i'm still on ionic 1, and still have the same issue. My api does not work on iOS 10

Cordova CLI: 6.5.0 
Ionic CLI Version: 2.1.17
Ionic App Lib Version: 2.1.7
ios-deploy version: 1.9.1 
ios-sim version: 5.0.13 
OS: macOS Sierra
Xcode version: Xcode 8.2 Build version 8C38
@zubair1024

This comment has been minimized.

Copy link

commented Oct 31, 2017

I have tried all the methods above and still haven't been able to solve the issue.

@nourallahtq

This comment has been minimized.

Copy link

commented May 8, 2018

thanks man you help me 👍

@MrRavalB

This comment has been minimized.

Copy link

commented Oct 31, 2018

I have the same issue, please provide Solution...

@manuelph

This comment has been minimized.

Copy link

commented Mar 26, 2019

Same issue here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.