
22 May 2024 Leave a comment Tech-Help
When developing an iOS application, you might encounter an error message indicating that transport security has blocked a cleartext HTTP resource load since it is insecure. This error can be resolved by configuring your app’s Info.plist
file to enable HTTP mode. In this article, we will guide you through the steps to achieve this.
Understanding App Transport Security (ATS)
App Transport Security (ATS) is a feature introduced by Apple to enhance the security of network connections in iOS apps. It requires apps to use HTTPS instead of HTTP, ensuring that data is transmitted securely. However, in some cases, you might need to allow HTTP connections temporarily, especially during the development phase.
Steps to Enable HTTP Mode
Method 1: Allow Arbitrary Loads (Not Recommended for Production)
This method allows all HTTP connections, which can be useful for testing but is not recommended for production due to security risks.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Method 2: Specific Domain Exception (Recommended)
This method allows HTTP connections only for specified domains, maintaining a higher level of security.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
Best Practices
While enabling HTTP mode can be necessary for certain scenarios, it is crucial to follow best practices to ensure the security of your app:
- Use HTTPS whenever possible.
- Limit HTTP exceptions to specific domains.
- Regularly review and update your security settings.
Additional Resources
For more detailed information on configuring transport security in iOS, refer to the following resources:
- Virtual Test Devices Documentation
- Running Test Batches
- Test Exception Handling
- Continuous Integration
Streamline Your Testing with Repeato
Manually configuring and maintaining test settings can be time-consuming. Repeato, a No-code test automation tool for iOS and Android, simplifies this process. Using computer vision and AI, Repeato allows you to create, run, and maintain automated tests quickly and efficiently. This enables developers to focus on creating great products while allowing non-technical colleagues or QA teams to handle test automation.
Learn more about how Repeato can enhance your mobile development workflow by visiting our latest blog post.