iOS Dev Nugget 154 App Transport Security

In iOS 9 (and OS X 10.11), the operating system requires HTTPS by default for any HTTP connection your app makes. This is definitely a good thing. However, you might not have time to fix up your own servers, or you might be connecting to a third-party API that you have no control over. To work around that, you can specify exceptions in your Info.plist file.

There are a few key-value pairs you can use for various effects. Here are the common ones.

Use NSAllowsArbitraryLoads for a complete bypass of the HTTPS requirement. Obviously, this is the last resort.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

You should use NSExceptionDomains to specify particular domains (and whether subdomains are included), like this:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>api.myapidomain.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
