Got "Transport Security has blocked a cleartext HTTP"?

Solar2D Network
#1

** UPDATE ** I did miss a blog on this (with a better answer; link below) **

https://coronalabs.com/blog/2015/09/17/about-app-transport-security-ats/

I may have missed this, but if you are running into this error for you iOS builds,

Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.

after upgrading to iOS9, you can get around the issue temporarily( not a great idea; but a workaround.  Link at top for better solutions).

Simply add this to your build.settings:

iphone = { plist = { NSAppTransportSecurity = { NSAllowsArbitraryLoads = true } , }, }
#2

Thanks man, your help is much appreciated.

See, the original way of whitelisting connections presented by the link above is not working.

I’ve tried…

settings = { iphone = { plist = { NSAppTransportSecurity = { NSExceptionDomains = { ["mydomain.com"] = { NSIncludesSubdomains = true, NSThirdPartyExceptionAllowsInsecureHTTPLoads = true }, }, }, }, }, }

…but it’s all for nothing. I tested it with several devices, hosts, subdomains and profiles - still no way out.

At last, your method is pretty much brutal, but way much effective :slight_smile:

Thanks again, carry on.

#3

I am currently migrating my build to iOS9 and have run into this ATS issue also. I have whitelisted my required http URLs and they are working just fine however I still receive the error message in the Xcode console log as soon as my application starts. There is no specific URL associated with it, how can we drill down to find the specific URL its referring too? Previous to ATS whitelisting I was getting error messages that included the offending URL…

“App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.”

The link below from the Apple developer forums describes a way to natively do this, is there a way in Corona to print these offending URLs out so they can be whitelisted?

https://forums.developer.apple.com/message/41823#41823

#4

I can ask Engineering, but I suspect that’s coming from the OS and it’s not a print statement we have control over.

Rob

#5

Thanks man, your help is much appreciated.

See, the original way of whitelisting connections presented by the link above is not working.

I’ve tried…

settings = { iphone = { plist = { NSAppTransportSecurity = { NSExceptionDomains = { ["mydomain.com"] = { NSIncludesSubdomains = true, NSThirdPartyExceptionAllowsInsecureHTTPLoads = true }, }, }, }, }, }

…but it’s all for nothing. I tested it with several devices, hosts, subdomains and profiles - still no way out.

At last, your method is pretty much brutal, but way much effective :slight_smile:

Thanks again, carry on.

#6

I am currently migrating my build to iOS9 and have run into this ATS issue also. I have whitelisted my required http URLs and they are working just fine however I still receive the error message in the Xcode console log as soon as my application starts. There is no specific URL associated with it, how can we drill down to find the specific URL its referring too? Previous to ATS whitelisting I was getting error messages that included the offending URL…

“App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.”

The link below from the Apple developer forums describes a way to natively do this, is there a way in Corona to print these offending URLs out so they can be whitelisted?

https://forums.developer.apple.com/message/41823#41823

#7

I can ask Engineering, but I suspect that’s coming from the OS and it’s not a print statement we have control over.

Rob