Thursday, 5 November 2015

Xcode bypass App Transport Security

During development it's common that we need to access resources within an iOS app from a non-secure server. To enable this we need to bypass Apple's new App Transport Security. We can do this by adding the following to the info.plist file:

<key>NSAppTransportSecurity</key>
    <dict>
      <key>NSExceptionDomains</key>
      <dict>
        <key>mydomain.co.uk</key>
        <dict>
          <key>NSIncludesSubdomains</key>
          <true/>
          <key>NSExceptionAllowsInsecureHTTPLoads</key>
          <true/>
          <key>NSExceptionRequiresForwardSecrecy</key>
          <true/>
          <key>NSExceptionMinimumTLSVersion</key>
          <string>TLSv1.2</string>
          <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
          <false/>
          <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
          <true/>
          <key>NSThirdPartyExceptionMinimumTLSVersion</key>
          <string>TLSv1.2</string>
          <key>NSRequiresCertificateTransparency</key>
          <false/>
        </dict>
      </dict>
    </dict>
Topics: , ,

No comments:

Post a Comment

Comments are moderated, so you'll have to wait a little bit before they appear!

Subscribe to: Post Comments (Atom)