Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-19819] iOS: Disable ATS in builtin KitchenSink by default

GitHub Issuen/a
TypeImprovement
PriorityLow
StatusClosed
ResolutionFixed
Resolution Date2015-10-29T03:26:36.000+0000
Affected Version/sn/a
Fix Version/sRelease 5.2.0
ComponentsiOS
Labelsn/a
ReporterHans Knöchel
AssigneeHans Knöchel
Created2015-10-28T22:38:25.000+0000
Updated2016-02-05T22:35:56.000+0000

Description

Currently we need to disable iOS9 App Transport Security (ATS) in the builtin KitchenSink (titanium_mobile/demos/KitchenSink) whenever we want to test any ticket related to webview, httpclient, etc. As we disable ATS in our SDK as well, we should change this setting in the Titanium.plist of the Xcode project. *Example:*
var win = Ti.UI.createWindow();
win.add(Ti.UI.createImageView({image: "http://dummyimage.com/600x400/000/fff"}));
win.open();
*Expected behavior:* The image loads. *Actual behavior:* An ATS error is thrown:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
*Solution:*
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

Comments

  1. Hans Knöchel 2015-10-28

    PR: https://github.com/appcelerator/titanium_mobile/pull/7369
  2. Eric Wieber 2016-02-05

    Verified fixed, using: MacOS 10.11.3 (15D21) Studio 4.5.0.201602050824 Ti SDK 5.2.0.v20160205071936 Appc NPM 4.2.3-1 Ti CLI 5.0.6 Alloy 1.7.33 Xcode 7.2 (7C68) NSAllowArbitraryLoads is set to true in the plist, now. Tested using the provided sample code and the KitchenSink app. No error was encountered.

JSON Source