Property List Key

NSAppTransportSecurity

A description of changes made to the default security for HTTP connections.

Details

Name
App Transport Security Settings
Type
dictionary

Discussion

On Apple platforms, a networking feature called App Transport Security (ATS) improves privacy and data integrity for all apps and app extensions. ATS requires that all HTTP connections made with the URL Loading System—typically using the URLSession class—use HTTPS. It further imposes extended security checks that supplement the default server trust evaluation prescribed by the Transport Layer Security (TLS) protocol. ATS blocks connections that fail to meet minimum security specifications. For additional details, see Preventing Insecure Network Connections.

You can circumvent or augment these protections by adding the NSAppTransportSecurity key to your app’s Information Property List file and providing an ATS configuration dictionary as the value. For example, you can:

All keys in the ATS configuration dictionary are optional, with default values that are suitable for most apps. Keys that define global exceptions apply to all network connections made by your app, except connections to domains specified in the NSExceptionDomains sub-dictionary. That sub-dictionary allows you to separately manage settings for individual domains.

Versioning

ATS operates by default for apps linked against the iOS 9.0 or macOS 10.11 SDKs or later. When you link your app against an older SDK, ATS is disabled no matter which version of operating system your app runs on.

If you specify a value for any of the global exceptions besides NSAllowsArbitraryLoads, then the ATS behavior depends on the version of the OS on which your app runs:

iOS 9.0 or macOS 10.11

ATS uses the NSAllowsArbitraryLoads value that you set, or NO by default, and ignores the other global exceptions.

iOS 10.0 or later or macOS 10.12 or later

ATS ignores the NSAllowsArbitraryLoads value that you set and instead obeys the other key or keys.

This behavior enables you to manage differences between OS versions. You provide a coarse exception (NSAllowsArbitraryLoads) for older versions, and a more targeted exception, like NSAllowsArbitraryLoadsInWebContent, for when it’s available.

Topics

Global Exceptions

property list key NSAllowsArbitraryLoads

A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.

Name: Allow Arbitrary Loads
property list key NSAllowsArbitraryLoadsForMedia

A Boolean value indicating whether all App Transport Security restrictions are disabled for requests made using the AV Foundation framework.

property list key NSAllowsArbitraryLoadsInWebContent

A Boolean value indicating whether all App Transport Security restrictions are disabled for requests made from web views.

Name: Allow Arbitrary Loads in Web Content
property list key NSAllowsLocalNetworking

A Boolean value indicating whether to allow loading of local resources.

Domain-Specific Exceptions

property list key NSExceptionDomains

Custom configurations for App Transport Security named domains.

Name: Exception Domains

See Also