With Xcode 7 testing an iOS 9 app is unable to obtain data from a http request

Question

I am developing an application in iOS. For my development I am using Xcode beta7. Before, I used to test my app in my mobile with iOS 8.4 after updating to iOS 9, I can't install the same app in my mobile. Please give me some suggestions. Big thanks!

Answer 1

Add this line to your .plist file:

Source:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yoursite.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Workaround, edited because shouldn't be used. Secure your data

Answer 2

From the initially minimal question information the problem is probably a failing http request to a server that does not meet current security best practices.

iOS9 now by default requires a server to support https with TLS 1.2, forward security and secure encryption methods.

From: App Transport Security Technote

Default Behavior:
All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X 10.11 or later. Connections that do not follow the requirements will fail.

The solution is to up date the server to https TLS 1.2 and forward security. Also only supporting the encryption method in the above Security Technote.

Another solution is to whitelist the url on the app plist or even if necessary allow all http connections. This reduces the connection security, the best approach is to update the server.

If necessary all URLs can be allowed, this is usually only needed when the URLs to be accessed are not known, perhaps user supplied or there are a large number of known URLs.

To disable security for all URLs add this to the app's plist file:
( not recommended ) unless you really need to access unknown URLs

<key>NSAppTransportSecurity</key>  
     <dict>  
          <key>NSAllowsArbitraryLoads</key><YES/>  
     </dict>  

To disable security for a single URLs (and sub URLs) add this to the app's plist file ( change "yourdomain.com to the correct URL":

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yourdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Apple supplied information about this several places:

There was the WWDC 2015 session 706 that described as well as the release notes: What's New in iOS iOS 9.0 . I believe it was also mentioned in the WWDC keynote.

Also see this SO Answer: About ATS SSL in iOS 9 release version .

Answer 3

Be sure to set NSAppTransportSecurity for compatibility.

See: How can I add NSAppTransportSecurity to my info.plist file?