From Xojo Documentation
Used to send and receive data via the HTTP 1.1 protocol.
Usage on Linux requires libsoup 2.4.
In order to use HTTPSocket with TLSv1.2 on Windows 7, KB3140245 needs to be installed using Windows Update and the DefaultSecureProtocols Registry subkey needs to be configured.
TLSv1.2 is not supported when using Xojo.Net.HTTPSocket on OS X 10.7 and 10.8 due to limitations of those systems.
Use an HTTPSocket when you need to upload or download information on the web. You can download files, communicate with REST web services and other APIs and do any type of HTTP 1.1 communication.
HTTPSocket handles both standard "http" connections and secure "https" connections.
HTTPSocket has a default timeout of 60 seconds, which cannot be changed.
Unlike the classic HTTPSocket, Xojo.Net.HTTPSocket does not support synchronous usage. It only works asynchronously by using the events as described below.
Do not attempt to re-use a socket that is still in use (e.g. directly from the PageReceived or FileReceived events). One solution is to use a separate Timer that checks if the socket is available before attempting to use it again, but for bests results you will probably want to create a new socket.
SizeUnknown -1 An unknown number of bytes was received.
iOS and OS X Information (App Transport Security)
Starting with iOS 9 and OS X 10.11 (with 2018r4), you have to use secure "https" connections or you will get this error: "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection". To continue to connect to non-secure "http" connections that you do not control you'll have to provide a plist with a temporary exception specified for each site you are accessing via http:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>firstsite.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> <key>secondsite.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> </dict> </dict> </plist>
If you don't know the specific sites, you can request access to everything using a single key:
<key>NSAppTransportSecurity</key> <dict> <!-- Include to allow all connections; avoid if possible --> <key>NSAllowsArbitraryLoads</key> <true/> </dict>
Apple may reject your App Store submission if you app uses these settings without valid reasons.
For more information about this, refer to NSAppTransportSecurity in Apple's docs.
Apparently there is a bug in iOS that prevents the use of IP addresses in this plist. So to enable http on your local computer for testing use "localhost" rather than "127.0.0.1" and be sure to use "http://localhost" in your URLs instead of "http://127.0.0.1".
For more information: UserGuide:App Transport Security