iOS9 Network API Limitation

Network API Limitation

Above iOS9, Apple added security enhancement for WebView(UIWebView, WKWebView) and any Network API, NSURLRequest …
By default, https is allowed to access any websites.
All access converts https automatically by iOS
So, we cannot use http connection and cannot see Non SSL webpage without settings.

Disable All

This is not recommendation, but if your application is web browser or something, we have no choice.
To disable this feature, we need to edit Info.plist

<key>NSAppTransportSecurity</key>
<dict>
   <key>NSAllowsArbitraryLoads</key>
   <true/>
</dict>

Allow everything, it’s not good for security.

Apple Details : App Transfer Security

Add exception

Add exception

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
        <key>jp</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

Allow .jp, .com We can add domain level.