I'm trying to deal with Apple's http restrictions on Codename One.

According to iOS Cocoa keys doc, NSAllowsArbitraryLoadsInWebContent will work on iOS 10 following these instructions:

An optional Boolean value that applies only to content to be loaded into an instance of the following classes:

WKWebView

UIWebView (iOS only)

WebView (macOS only)

Set this key’s value to YES to obtain exemption from ATS policies in your app’s web views, without affecting the ATS-mandated security of your NSURLSession connections.

Default value is NO.

To support older versions of iOS and macOS, you can employ this key and still manually configure ATS. To do so, set this key’s value to YES and also configure the NSAllowsArbitraryLoads subkeys.

If you add this key to your Info.plist file, then, irrespective of the value of the key, ATS ignores the value of the NSAllowsArbitraryLoads key. Available starting in iOS 10.0 and macOS 10.12.

My first question is:

Does BrowserComponent expose WKWebView or UIWebView? In that case, the Cocoa key in question will work, and allow me to avoid the risky NSAllowsArbitraryLoads for iOS 10.

Second question:

To ensure compatibility with earlier versions, I understand I should do this:

• Set NSAllowsArbitraryLoads to true (this will be ignored in iOS 10 because of the following point).

• Set NSAllowsArbitraryLoadsInWebContent to true (this will be ignored in iOS 9 and NSAllowsArbitraryLoads will be used).

Am I right?

Thanks

I don't understand what steps you were trying to take, but if you are trying to allow http URLs in your application, Codename one made it simple by allowing you to add this build hint

ios.plistInject=<key>NSAppTransportSecurity</key><dict><key>NSAllowsArbitraryLoads</key><true/></dict><key>CFBundleURLTypes</key><array><dict><key>CFBundleURLName</key><string>com.mycompany.myapp</string></dict><dict><key>CFBundleURLSchemes</key><array><string>MyApp</string></array></dict></array> 

Change com.mycompany.myapp and MyApp accordingly.

Just add that build hint and your http / https URLs will work seamlessly on all iOS versions including iOS 9 and 10.

I currently use this on some of my apps and it works fine, tested on 10.1 beta 3 as well.

EDIT:

After reading your question again, I realized that your questions were not answered:

Yes, the key will work even if BrowserComponent doesn't expose UIWebView. (Based on personal test)

Just use NSAllowsArbitraryLoads and set it to true as discussed above, and it will handle everything. NSAllowsArbitraryLoads will only be ignored in iOS 10 if you set NSAllowsArbitraryLoadsInWebContent.