{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做自己的国王 的问题《Raise exception on App Transport Security?》','https://www.manongdao.com/q-1212299.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Under iOS 9, I've used the accepted answer here: Transport security has blocked a cleartext HTTP
I added the entries to my Info.plist file under NSAppTransportSecurity. My app seems to be functioning properly, as well as executing all of the requests for which I've accounted for. I am still receiving the error:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
My problem is that I can't find where in my app codebase this is coming from and I do NOT want to allow all domains (lazy option referenced in the accepted answer I credited). Is there a way to raise an exception for it so that I can find the source of the warning?
Use an http analyzer such as Charles Proxy (30 day free trial) to find all the URL's being called.
Using this link (http://timekl.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/) from the comment above, I found that switching the environment variable
CFNETWORK_DIAGNOSTICSto1produces a detailed log of all the requests.This allowed me to trace the requests coming from a webView where I'm loading my own domain, which in turn loads things like MixPanel and Google Analytics. Entering those domains into the Info.plist file fixes the issue, however, we're instead simply going to load the https versions of these libraries.