ios - App Transport Security Xcode 7 beta 6

Question

I'm currently working on Xcode 7 beta 6. I'm trying to send a "DELETE" request to http://mySubdomain.herokuapp.com

The error I receive is:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
Error making API call: Error Domain=NSURLErrorDomain Code=-1022 The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.
NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSUnderlyingError=0x796f7ef0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}}

In my actual API call I put "https" instead of "http" and that actually worked for my POST requests. But the DELETE request throws the above error.

I've seen solutions on here that involve the pList file, but none of them have worked for me. I've listed my attempts below.

First attempt:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

Second try:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>herokuapp.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
        </dict>
    </dict>
</dict>

And finally, I even put all these temporary keys in like so:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>herokuapp.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSTemporaryThirdPartyExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSTemporaryThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
                <key>NSTemporaryRequiresCertificateTransparency</key>
                <false/>
            </dict>
        </dict>
    </dict>

All with no luck! I always get the same error. The DELETE request is formatted correctly because when I manually do it from Postman, I get the desired result.

Here is what my actual API call method looks like, just in case there could be an issue here:

class func makeDELETEALLRequest(completion: (error:Bool) -> Void) {
        let session = NSURLSession.sharedSession()
        let url = NSURL(string:"https://mysubdomain.herokuapp.com/42kh24kh2kj2g24/clean")
        let request = NSMutableURLRequest(URL: url!)
        request.HTTPMethod = "DELETE"

        let task = session.dataTaskWithRequest(request) { (data, response, error) -> Void in

            if (error != nil) {
                print("Error making API call: (error!)")
                completion(error: true)
            } else {
                let HTTPResponse = response as! NSHTTPURLResponse
                let statusCode = HTTPResponse.statusCode
                if (statusCode == 200){
                    print("Successfully deleted!")
                    completion(error: false)
                } else {
                    print("Different status code: (statusCode)")
                    completion(error: true)
                }
            }
        }
        task.resume()
    }

Once again, I'm using Xcode 7 beta 6.

ABOUT MY SELECTED ANSWER The answer I selected as correct was right for me because I made all these changes to the wrong pList file in my project and that answer was the only one that addressed the possibility. The solutions offered by the other answers are not wrong, so any other people experiencing this issue should give them a try, since they are valid. I hope this helps anyone having similar issues.

Answer 1

I have solved it with adding some key in info.plist. As I am using objective C for some native application.

The steps I followed are:

1. Opened my Projects info.plist file

2. Added a Key called NSAppTransportSecurity as a Dictionary.

3. Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image.

Clean the Project and Now Everything is Running fine as like before.

Ref Link:

1. https://stackoverflow.com/a/32631185/2905967

2. https://stackoverflow.com/a/32609970