Loading data from insecure HTTP hosts in iOS 9 with NSURLSession
Since iOS 9 and OS X 10.11 Apple has introduced a feature called App Transport Security (ATS). Among other things it disallows loading data from insecure HTTP hosts by default. It means, for example, that loading a text file from http://yoursite.com/file.txt URL will no longer work in iOS 9.
There are two ways of fixing this problem:
- Either change URLs from http:// to https:// which requires an SSL certificate to be installed on the server.
- Or add an exception to the Info.plist file to allow using insecure HTTP protocol. The yoursite.com text in the following example needs to be replaced with your domain name.
<key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>yoursite.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> </dict>
- Networking with NSURLSession: WWDC 2015 video.