Introduced in iOS 9, all endpoints must adhere to the HTTPS specification.
Any endpoints not using SSL will fail with a warning in the console log. To your application it will appear that the internet connection failed.
To configure exceptions: Place the following in your Info.plist file:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>testdomain.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
The key that permits such behavior is NSExceptionAllowsInsecureHTTPLoads
. In this case, app will allow HTTP connection to mentioned domain (testdomain.com) only and block all other HTTP connections.
The key NSIncludesSubdomains
specifies that any and all subdomains of the mentioned domain (testdomain.com) should also be allowed.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
In this case, app will allow HTTP connection to any domain. As of January 1st 2017, using this flag will cause thorough App Store review and the app developers will have to explain why they need to use this exception in the first place. Possible explanations include: