In iOS 9 (and OS X 10.11), the operating system requires HTTPS by default when you make any HTTP connection. This is definitely a good thing. However, there might not be time to fix up your own servers or if maybe you are connecting to a third party API that you have no control over. To workaround that, you can specify exceptions in your
There's a few key-value pairs you can use for various effects. But here's the common ones.
NSAllowsArbitraryLoads for a complete bypass of the HTTPS requirement. Obviously, this is the last resort.
<key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict>
You should use NSExceptionDomains like this to specify specific domains (and whether subdomains are included) like these:
<key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>api.myapidomain.com</key> <dict> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> </dict>