NEW: Master Swift design patterns with my latest book! >>

How to handle the HTTPS requirements in iOS with App Transport Security

Written by Paul Hudson    @twostraws

iOS doesn’t let you work with HTTP web data by default, because it's blocked by something called App Transport Security that effectively requires data to be transmitted securely. If possible, you should switch to HTTPS and use that instead, but if that's not possible for some reason – e.g. if you're working with a third-party website – then you need to tell iOS to make exceptions for you.

Note: the very fact that iOS calls these "exceptions" does imply the exception option may go away in the future. If you add any exceptions you are required to explain them to the app review team when you submit your app to the App Store.

Exceptions be defined per-site or globally, although if you're going to make exceptions obviously it's preferable to do it for individual sites. This is all set inside your application's Info.plist file, and this is one of the very few times when editing your plist as source code is faster than trying to use the GUI editor in Xcode. So, right-click on your Info.plist and choose Open As > Source Code.

Your plist should end like this:

</dict>
</plist>

Just before that, I'd like you to paste this:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>hackingwithswift.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

That requests an exception for the site hackingwithswift.com so that it can be loaded using regular HTTP rather than HTTPS. Note that I've set NSIncludesSubdomains to be true because the site redirects you to www.hackingwithswift.com, which is a subdomain.

Very observant readers might note that hackingwithswift.com actually supports HTTPS and thus doesn't need App Transport Security, but you do still need to point to https:// otherwise the request will fail.

Available from iOS 9.0

Did this solution work for you? Please pass it on!

Other people are reading…

About the Swift Knowledge Base

This is part of the Swift Knowledge Base, a free, searchable collection of solutions for common iOS questions.

Hacking with watchOS

Transfer your Swift skills to watchOS the easy way, and learn to build real-world apps in the process!

Click here to visit the Hacking with Swift store >>