Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Fix iOS 9 App Transport Security Issues In NativeScript

TwitterFacebookRedditLinkedInHacker News

Since the release of iOS 9, a ton of stress has been put on mobile developers because of forced changes that Apple put in place. The most common problem developers are facing resides in the App Transport Security (ATS) policies that Apple now requires when accessing insecure resources external from the deployed application.

This article is actually very similar to the one I wrote regarding Ionic Framework and Apache Cordova. The only difference is that this will be more specific to Telerik NativeScript.

When developing a NativeScript application that calls remote web APIs or downloads remote resources, you might have run into the following error:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

This error isn’t a bad thing. Sure it isn’t pleasant to see in your app, but it does protect your users from exposing their sensitive information in an insecure web request. You can create an App Transport Security (ATS) policy to override this error or make exceptions to it.

To add a policy, open your Xcode info.plist file. This file can be found at platforms/ios/project_name/project_name-info.plist in your project. Of course you should replace project_name with the actual name of your project. At the bottom of your info.plist, add the following:

<key>NSAppTransportSecurity</key>  
<dict>  
    <key>NSAllowsArbitraryLoads</key>
    <true />  
</dict>

Note that the above snippet is a full override. In a production application it probably isn’t a good idea to do this. Instead, you should read the Apple documentation and add only the resources that you decide to the whitelist.

Conclusion

As much of a pain App Transport Security (ATS) seems in iOS 9, it is actually a positive thing for your users. With a few modifications you can make exceptions to allow communication between the application and insecure external resources.

Nic Raboy

Nic Raboy

Nic Raboy is an advocate of modern web and mobile development technologies. He has experience in C#, JavaScript, Golang and a variety of frameworks such as Angular, NativeScript, and Unity. Nic writes about his development experiences related to making web and mobile development easier to understand.

Search

Follow Us

Support This Site