In iOS 9, Apple introduced a new security feature called App Transport Security (ATS). It’s designed to make apps more secure by requiring network connections be made over HTTPS. This applies to all network connections, including calls made to external web services, attempts to load external URLs in UIWebViews, and more.
If an app attempts to connect over HTTP, this alert will be logged to the console:
App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
ATS is enabled by default. However, Apple has given us a way to disable it. Here’s how:
• Open your Xcode project and select the Info.plist file.
• Right-click in the editor window, and select Add Row.
• Select “App Transport Security Settings.” Its type should be set to Dictionary.
• Expand the dictionary by clicking the disclosure icon to the left of the new row.
• Click the “+” icon located to the right of the new entry.
• Select “Allow Arbitrary Loads.” Its type should be Boolean. Change its value to “Yes.”
Rebuild your app, and you should find that calls made over HTTP work properly.
In Xcode, you can view a plist file as an XML document. To do so, right-click on the plist file and select Open As > Source Code.