[MUSIC] When we got that callback from Instagram, we saw that there was kind of an error and the error had to do with the fact that we hadn't allowed our application to request information from insecure web services. And this is a change that has taken place in iOS 9 that we first saw in course one. The basic change at a high level is that Apple's trying to secure and enforce a high level of security on the internet. And the way their doing that is by turning off insecure access to the internet by default, so it's not possible by default to access web services. For example, those that are using HTTP unencrypted scheme on the internet and even if you use the encrypted scheme, HTTPS, it has to be a very high-level of security, one that implements forward secrecy in order to make that connection without any changes. Now, not all web services are secure, but this is the default behavior as of iOS 9 and OSX 10.11. The details are available in this URL. If you want to see all the details of which ciphers and which protocols are supported, that's available on the developer website. In the mean time though, we have to figure out how are we gonna transition, because not all web services are strong enough. How strong does it need to be? Well, the server has to support the web server, so Instagram, in our case, has to support at least Transport Layer Security protocol 1.2. Connection ciphers have to provide forward secrecy. Certificates that identify the domain names have to be signed using a SHA256 or greater hash algorithm. And invalid certificates prevent any kind of access at all. What if the web service isn't secure? One option you have is not to use it, because it's not secure and as a result the information that is transferred across the Internet tops the part that's not secure but travels between your client and the server that transition is not secured. So you might not wanna use it. Another option is to load an exception. This is something hat you do on your device and you say okay, I recognize all services are strong as I like them to be, I'm going to allow an exception. You can either allow a blanket exception so that you can access anything this is what we did in course one or you can allow a modified exception to only be able to access a certain subset of URLs that don't exhibit perfect forward secrecy. So here's a table from that tech note. And if we wanted to enable our app to access everything on the Internet regardless of transport security, we would change Info.plist to have an NSAppTransportSecurity dictionary with one element in it, which is NSAllowsArbitraryLoads with the value of YES. That's what we did in the first course. In this example, what we're gonna do is we're gonna make specific exceptions for Instagram's websites. So in this case we're going to have ns app transport security dictionary added to our info p list and we're going to add ns exception domains. We're going to use cdn Instagram.com. CDN stands for contribution distribution network it's caching for their data. And we're also gonna use api.instagram.com to enable our app to make certain kinds of calls to those two domains. For each of those entries, we're going to make an exception to needing to reuse forward secrecy because those domains use HTTPS, but they use servers that aren't strong enough, and then we're going to allow subdomains, meaning that any file path after cdninstagram.com will also be exempted. All right, so that's what's going on, Apple is now secure by default, web services may not be and if you want to use them you're gonna need to add an exception info.plist. All right, let's try and do that. All right, so what we're gonna need to do is we're gonna need to access info p list and we know we're gonna need to add a new row and that row is gonna be. Nope sorry, we're not gonna add it to that key you gotta be careful. That was only head before remove that all right, add a new row to our parent and it's going to be NSA App Transport Security, okay and that's going to be a dictionary. All right, and now I'm gonna go back and look at my notes because last time I got the exact spelling not correct and that caused me some problems so let's go back and look at our notes. Okay, we're looking at NSExceptionDomains, that's the next thing that we want, okay? So let's add NS exception domains this is also gonna be a dictionary, then we're going to add cdninstagram.com. That's going to be a dictionary. And we're gonna add another one. And that's gonna be api.instagram.com. And that's going to be a dictionary. And we're going to say we want NS allow subdomains. Now that's gonna be a boolean. We're gonna make it yes. And we're going to allow. NS allow subdomains. That didn't get entered as an element. That got entered as another key. Move that, and CDN Instagram.com. Great. So, that's gonna be a dictionary. That's gonna be a dictionary. We're gonna add NS allow sub domains. That's gonna be boolean. NS allow sub domains. And that's going to be, oops, what'd I do wrong again? I didn't add it, it's tricky that you have to be careful to open it. Okay, so now let's make sure that we have the right key value pairs that are in here. Started doing in and x code crashed so we're just gonna pick up from there. All right so we know that ns ab transport security I'm looking from here to here that's right it's a dictionary. The first thing we enter in is, NS exception domains, that's right. This is not nested and this is not nested. We want a nested element such as cdninstagram.com and that's going to be a dictionary. And we want another domain to be, have an exception, that's gonna be API.instagram.com. We know that's gonna be a dictionary as well. Okay, we're gonna open that accordion. And then within api.instagram.com we want NSException requires forward Secrecy. And make that a boolean and no. Gonna open this accordion and add the same property to this domain. Boolean and no, great. Now we're gonna add another property to api.instagram, which is NSIncludes sub domains, and that's gonna be Boolean, yes. Add another element here, and that's going to be Boolean, and yes. All right, so now if we've spelled everything right, NS includes sub domains, there's an s on there, that matters. [SOUND] There's an "s" on there, that matters. NS includes sub domains, yes. NS exception requires forward. Secrecy, no. Ns exception domains. Ns app transport security, all right. Okay, so now, when we run it, you wait for simulator. When your simulator comes up, we should be able to successfully access Instagram without having anything crash. Okay, we're going to Instagram to authenticate, so far so good. We received a callback, stream has been reopened after close I think everything's good. I added some code in here. One Instagram account is logged in, everything's great. All right so we've successfully registered our callback we've successfully gotten rid of our NS app transport main restrictions. Now it's time to get the data from our callback and actually load in image from our Instagram feed, all right, that's next. [MUSIC]