iOS Endpoints require SSL


Example

Introduced in iOS 9, all endpoints must adhere to the HTTPS specification.
Any endpoints not using SSL will fail with a warning in the console log. To your application it will appear that the internet connection failed.

To configure exceptions: Place the following in your Info.plist file:

  1. Allow particular domain (testdomain.com) only:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
    <key>testdomain.com</key>
    <dict>
        <key>NSIncludesSubdomains</key>
        <true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
    </dict>
</dict>

The key that permits such behavior is NSExceptionAllowsInsecureHTTPLoads. In this case, app will allow HTTP connection to mentioned domain (testdomain.com) only and block all other HTTP connections.

The key NSIncludesSubdomains specifies that any and all subdomains of the mentioned domain (testdomain.com) should also be allowed.

  1. Allow any domain:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

In this case, app will allow HTTP connection to any domain. As of January 1st 2017, using this flag will cause thorough App Store review and the app developers will have to explain why they need to use this exception in the first place. Possible explanations include:

  • An application that loads encrypted media content that contains no personalized information.
  • Connections to devices that cannot be upgraded to use secure connections.
  • Connection to a server that is managed by another entity and does not support secure connections.