ios - Transport security has blocked a cleartext HTTP

Use NSAppTransportSecurity:

You have to set the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your info.plist file.

Here are the settings visually:

See the forum post Application Transport Security?.

Also the page Configuring App Transport Security Exceptions in iOS 9 and OSX 10.11.

For example, you can add a specific domain like:

<key>NSAppTransportSecurity</key> <dict>   <key>NSExceptionDomains</key>   <dict>     <key>example.com</key>     <dict>       <!--Include to allow subdomains-->       <key>NSIncludesSubdomains</key>       <true/>       <!--Include to allow HTTP requests-->       <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>       <true/>       <!--Include to specify minimum TLS version-->       <key>NSTemporaryExceptionMinimumTLSVersion</key>       <string>TLSv1.1</string>     </dict>   </dict> </dict> 

The lazy option is:

<key>NSAppTransportSecurity</key> <dict>   <!--Include to allow all connections (DANGER)-->   <key>NSAllowsArbitraryLoads</key>       <true/> </dict> 

Note:

info.plist is an XML file so you can place this code more or less anywhere inside the file.

If you are using Xcode 8.0+ and Swift 2.2+ or even Objective C:

If you want to allow HTTP connections to any site, you can use this keys:

<key>NSAppTransportSecurity</key> <dict>     <key>NSAllowsArbitraryLoads</key>     <true/> </dict> 

If you know which domains you will connect to add:

<key>NSAppTransportSecurity</key> <dict>     <key>NSExceptionDomains</key>     <dict>         <key>example.com</key>         <dict>             <key>NSExceptionAllowsInsecureHTTPLoads</key>             <true/>             <key>NSIncludesSubdomains</key>             <true/>         </dict>     </dict> </dict> 

This was tested and was working on iOS 9 GM seed - this is the configuration to allow a specific domain to use HTTP instead of HTTPS:

<key>NSAppTransportSecurity</key> <dict>       <key>NSAllowsArbitraryLoads</key>        <false/>        <key>NSExceptionDomains</key>        <dict>             <key>example.com</key> <!--Include your domain at this line -->             <dict>                 <key>NSIncludesSubdomains</key>                 <true/>                 <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>                 <true/>                 <key>NSTemporaryExceptionMinimumTLSVersion</key>                 <string>TLSv1.1</string>             </dict>        </dict> </dict> 

NSAllowsArbitraryLoads must be false, because it disallows all insecure connection, but the exceptions list allows connection to some domains without HTTPS.