I’m using Appium (the app, not built from source) with Protractor to test a hybrid iOS app. I’ve gotten to the point of having it work on the simulator, but only if I put “NSAllowsArbitraryLoads” set to true in my plist file. If I leave it out then I get the following error in the log output from the Appium app window:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.
The problem is that I’m using Appium because I like testing my software using the build that is going to be released, but with this problem I can’t do that. You can’t leave the NSAllowsArbitraryLoads setting because it defeats the iOS 9 security enhancements. So I would like to add this key, but limited to a specific domain so it’s not a security hole like this:
<key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>127.0.0.1</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict> </dict> </dict>
But this doesn’t work, I still get the same error. I also tried “localhost”, but I guess it’s using some other hostname. Any idea what it is, or a way to debug? I see the following line a few lines up from the error:
info: [debug] Response url for executeAsync is http://0.0.0.0:4723/wd/hub/session/f5290afe-c296-4e3e-8122-6e9676469ee6/receive_async_response
So I think that’s the url it’s calling that’s causing the trouble, but can’t be sure of that.