I had a working app that downloads some info from an http domain. But after the Swift 2.0 and Xcode 7 update, my app can't connect to the server and download the json data, I get the "App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file." error.

I have tried putting this lines in my info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

But I get the same error, it's not working. I always get nil data from the download methods. Any one has this same error? Thanks!

EDIT: Here is a picture from my info.plist file:

I feel so stupid. I added the keys for disabling the ATS on the wrong Info.plist. Instead of adding it in the Supporting Files/Info.plist file, I added it on MyAppTests/Supporting Files/Info.plist file. Not really a bug in Xcode, but a bug in my brain. Thank you all for your answers!

You can try using

nscurl --ats-diagnostics <your-URL>

in the terminal. This can help you find the settings that will allow your app to connect to your-URL. This only works on OSX El Capitan. Check out the apple technote.

But if you've tried NSArbitraryLoads in your info.plist file, this diagnostic tool probably won't help you. I think you might have found a bug.

I had the same problem, I tried adding NSExceptionMinimumTLSVersion and it works.

<key>NSAppTransportSecurity</key>
<dict>
   <key>NSExceptionMinimumTLSVersion</key>
   <string>TLSv1.0</string>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

I am not sure why this helps, but... it does! I hope it's helpful to someone out there too

In my case I needed to remove all the other keys like "Allow Arbitrary Loads in Web Content" or "Exception Domains" in order to get "Allow Arbitrary Load" to work as it set to true under "App Transport Security Settings" in Info.plist.

Tested using XCode 8.2.1, iOS 10.2.

If you need to load a http:// resource only in web (UIWebView/WKWebView/SafariViewController) then the following should suffice.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoadsInWebContent</key>
    <true/>
</dict>

None of the previous solutions worked for me, I had the NSAllowsArbitraryLoads set to true, but still HTP wont work, after looking around I noticed that the info.plist file has NSExceptionDomains section, so I deleted it for testing and everything worked.

So it seems that having NSExceptionDomains cancels the NSAllowsArbitraryLoads, hope this is helpful.

Did you try to add your domain such as? You should add it into NSAppTransportSecurity dictionary.

<key>NSExceptionDomains</key>
        <dict>
            <key>abcde.com</key>
            <dict>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>

I had a similar issue and after a while I figured out that the info.plist file was corrupted. I can only advise to check the xml directly not only the plist editor in xcode.

I had the same issue in XCode Version 8.3.2 (8E2002) with iOS 10.3. After removing all the keys like "Allow Arbitrary Loads in Web Content" or "Exception Domains", the "Allow Arbitrary Load" key works as expected. Thanks @dariukas.

In iOS12 I could not make it work with the old way NSAllowsArbitraryLoads

Only when I updated the key to NSExceptionAllowsInsecureHTTPLoads it worked. My info.plist section that works:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>