App Transport Security problem trying to use Appium with iOS hybrid app

I’m using Appium (the app, not built from source) with Protractor to test a hybrid iOS app. I’ve gotten to the point of having it work on the simulator, but only if I set “NSAllowsArbitraryLoads” to true in my plist file. If I leave it out then I get the following error in the log output from the Appium app window:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app’s Info.plist file.

The problem is that I’m using Appium because I like testing my software using the build that is going to be released, but with this problem I can’t do that. You can’t leave the NSAllowsArbitraryLoads setting because it defeats the iOS 9 security enhancements. So I would like to add this key, but limited to a specific domain so it’s not a security hole, like this:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>127.0.0.1</key>
    <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
    </dict>
  </dict>
</dict>

But this doesn’t work; I still get the same error. I also tried “localhost”, but I guess it’s using some other hostname. Any idea what it is, or a way to debug? I see the following line a few lines up from the error:

info: [debug] Response url for executeAsync is http://0.0.0.0:4723/wd/hub/session/f5290afe-c296-4e3e-8122-6e9676469ee6/receive_async_response

So I think that’s the URL it’s calling that’s causing the trouble, but I can’t be sure of that.

Switching to the Python client and dropping Protractor resolves this problem. So it must be something to do with having Protractor involved and does not seem to be specific to Appium. I’m now using normal release plist settings with the Python client and tests are working fine.

Figured I’d put this note here in case anyone else is struggling with the Protractor/Appium combo. It can be made to work, but there are a lot of stumbling blocks. The benefits of Protractor for AngularJS-based apps are probably outweighed by the hassles of trying to make it and Appium play nicely, especially when you start trying to test things like opening a camera to take pictures, or if you want to debug tests easily.
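An added example, not part of the original post: a small Python audit of the NSAppTransportSecurity section of an Info.plist, useful as a release-build check. It flags the global NSAllowsArbitraryLoads switch and any key under NSExceptionDomains that is not one of Apple's documented per-domain keys (the per-domain key for cleartext HTTP is NSExceptionAllowsInsecureHTTPLoads). The sample plists are constructed, and the domain test.example is a placeholder.

```python
import plistlib

# Per-domain keys Apple documents for entries under NSExceptionDomains.
DOMAIN_KEYS = {
    "NSIncludesSubdomains",
    "NSExceptionAllowsInsecureHTTPLoads",
    "NSExceptionMinimumTLSVersion",
    "NSExceptionRequiresForwardSecrecy",
    "NSRequiresCertificateTransparency",
}

def audit_ats(plist_bytes):
    """Return a list of (severity, message) findings for the ATS section."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    # The top-level switch turns ATS off for every host the app talks to.
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("high", "NSAllowsArbitraryLoads=true disables ATS for every domain"))
    for domain, settings in ats.get("NSExceptionDomains", {}).items():
        # Keys outside the documented set are reported, not silently accepted.
        for key in sorted(set(settings) - DOMAIN_KEYS):
            findings.append(("warn", f"{domain}: {key} is not a documented per-domain key"))
        if settings.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("info", f"{domain}: cleartext HTTP allowed for this domain only"))
    return findings

def _wrap(ats_xml):
    # Constructed minimal Info.plist holding only the ATS dictionary.
    return (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            b"<key>NSAppTransportSecurity</key><dict>" + ats_xml + b"</dict></dict></plist>")

# Constructed samples: the global switch, the fragment from the post,
# and an exception scoped to one placeholder domain.
GLOBAL = _wrap(b"<key>NSAllowsArbitraryLoads</key><true/>")
POSTED = _wrap(b"<key>NSExceptionDomains</key><dict><key>127.0.0.1</key><dict>"
               b"<key>NSAllowsArbitraryLoads</key><true/></dict></dict>")
SCOPED = _wrap(b"<key>NSExceptionDomains</key><dict><key>test.example</key><dict>"
               b"<key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict></dict>")

if __name__ == "__main__":
    for name, sample in (("global", GLOBAL), ("posted", POSTED), ("scoped", SCOPED)):
        for severity, message in audit_ats(sample):
            print(f"{name}: [{severity}] {message}")
```

Failing the release pipeline on any "high" finding keeps a test-only NSAllowsArbitraryLoads setting from shipping.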