WARNING: Allowing Self-Signed Certificates in your React Native app can create serious security implications if your app is published to the App Store. This article is recommended ONLY for the development process or when deploying as an Enterprise app in a controlled network environment.

Sometimes you really need to grant your React Native app the ability to connect via HTTPS to servers with self-signed certificates, or servers with a Root-CA that your devices may not have installed. It’s fairly simple to do so.

Open your .xcworkspace in Xcode, and add a new file into your project’s folder:

Choose Objective-C File and select Next:

Name the file RCTHTTPRequestHandler+<some extension>. This will allow you to “extend” the native RCTHTTPRequestHeader.m from your react-native npm package. I usually name it “RCTHTTPRequestHandler+ignoreSelfSigned”. Name the file and select Next:

On the next screen, just select Create:

Xcode will open the file for editing, and provide a template that you can simply ignore. Here’s what your file contents should look like:

//  RCTHTTPRequestHandler+ignoreSelfSigned

#import <React/RCTBridgeModule.h>
#import <React/RCTHTTPRequestHandler.h>

@implementation RCTHTTPRequestHandler(ignoreSelfSigned)

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler
  completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);

Save and build your app, et voilĂ , your app will be able to connect to servers you otherwise weren’t able to.

Thanks to Stack Overflow for the function, this should just make it easier to implement.

Leave a Reply

Your email address will not be published. Required fields are marked *