In iOS 9 and OS X 10.11, Apple introduced App Transport Security (ATS), a low-level set of restrictions on apps’ network connections. One of the most visible of these restrictions is the requirement that apps no longer make connections over plain HTTP; instead, the OS enforces the use of HTTPS unless explicitly told otherwise.
There’s already been lots of great discussion about how ATS works – see, for example, Neglected Potential’s Working with Apple’s App Transport Security. Apple has also provided a descriptive tech note on the feature, clearly documenting the expectations of ATS and the exceptions that remain available to developers. And the community has noted in several articles that turning ATS off entirely is generally a Bad Idea.
This article is aimed at a different purpose: to look at the different speed bumps that can show up while building an app alongside ATS, and to explain how to get around them. There are lots of great little tricks that have only cropped up in OS X release notes or on Stack Overflow, or that can only be discovered by building a sample app. Let’s start by digging into where ATS applies.Read on →