how to accept Http url in iOS app

Since iOS 9, http url will be rejected in iOS App as default. Of course, it relates security issues

What is App Transport Security (ATS)?

In order to support http url in iOS, it must modify plist files in iOS project.

If you utilize react-native CLI to create project, you can find a folder 'ios' under created project

where 'reactNavSample' is project name. If you want to active http url, open Info.plist and find NSAppTransportSecurity key then add 

  <key>NSAllowsArbitraryLoads</key>   
  <true>   

* adding NSAppTransportSecurity represents that all domains are allowed to access

If you don't want to allow all domains access, you can also specify specific domain. For example, you can enable http://localhost by adding

   <key>localhost</key>   
   <dict>    
      <key>NSExceptionAllowsInsecureHTTPLoads</key>   
   </dict>   

* If you specify specific domain, it might be a problem if the domain links resources from the others. For example, if you allow abc.com domain, it will be find when you access http://abc.com. However, if abc.com links resources come from def.com, it might be a problem. The key issue is, you will never know whether abc.com links resources come from others, def.com? ghi.com? or jkl.com?

如何使 ios app 接受 http url

iOS 9 之後，iOS app 已經預設不支援開頭為 http 的 url。這牽扯到一些安全性的考量，可參考下列文章
What is App Transport Security (ATS)?

雖然目前很多網站都支援 Https，但是難免會遇到一些不支援的情況。這時候我們需要去更改 iOS app 專案的設定來允許接受 http url。

若是使用 react-native CLI 產生專案，我們可以在 ios 目錄下找到 ios 專案相關的設定

reactNavSample 是 CLI 的專案名稱，若要支援 http url，請打開 Info.plist 找到 NSAppTransportSecurity 值加入

  <key>NSAllowsArbitraryLoads</key>   
  <true>   

便可支援 http url

＊請注意 NSAllowsArbitraryLoads 會允許所有的網域，如果你只是想支援部分的網域請在 NSExceptionDomains 中增加允許的網域

例如允許 localhost 請加入
   <key>localhost</key>   
   <dict>    
      <key>NSExceptionAllowsInsecureHTTPLoads</key>   
   </dict>   

＊在指定網域的情況下，如果該網域有使用到其他網域的資源，而在plist中並未指定就會發生無法存取的狀況。舉個例子

假設在plist中你指定支援 abc.com ，當app去存取 http://abc.com 底下資源的時候一切正常。但假設 abc.com 中有用到 def.com 的資源的時候，存取就會發生問題