Modify Info.plist


does anybody know how to add automaticaly a key (in my case is NSAppTransportSecurity) to Info.plist in a IOS App ?
I must use a template or it is via project.xml ?

Thanks you

You must do this using a template right now, I believe, but I’m interested in hearing ideas for improving iOS extension support to allow support without overriding templates

It is curious. I need to modify the NSAppTransportSecurity too, because ios is reporting me the error:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

It would be great to edit directly from the project.xml. But the template solution could be valid right now.

I’m very interrest too ! :blush:

Thantks for your reply.

Do you think this should be in the standard Info.plist template file we use? Are there negative effects to adding this?

If you don’t put it while you target ios 9.2, the app will crash instantly if you access to a file (image,video,…) in http.

Does someone want to do a pull request? :slight_smile:

Ok. This week i will try to do it.

We have two ways to avoid this. In a general form:


And a custom form, where the user can add multiple domains:


The first way would be the easy way. But i don’t know if Apple looks favorably that.
I’m using the second way right now.

What do you think?

Perhaps the issue is more about security for the application itself, not regarding the phone. Whether you explicitly or implicitly allow access to some URL, I’m not sure if it affects Apple, more so the potential of insecure HTTPS connections and man-in-the-middle attacks trying to securely connect to a backend server. I don’t know :slightly_smiling:

Does this setting affect any required permissions upon install, or anything else that’s noticeable? If not, it seems we might want a general wildcard access to URLs and then users can refine it to be more specific if they want

Mmm, yes i’m agree about the security.

Ok, i have thought something like that:

<ios insecure-http-allowed="*"/>
<ios insecure-http-allowed="|"/>

The user can accept all domains or only custom domains, where it can contain multiple with the OR operator.

1 Like

PR created here :slightly_smiling: