As far as i understood the whole ATS (App Transport Security - iOS 9) thing, the recommended method from area28 should not be the one you're using inside an application.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key><true/>
</dict>
This will allow all external requests to every domain what is definitively not the way you should use it. In my opinion you should define a new <dict>
inside your info.plist
and add this code to it (to edit the info.plist
you can just use a normal text editor like sublime text etc.):
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>domain.tld</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
This will only allow requests to the domain you specified. The described way is the one which apple introduced on the WWDC 2015. As you can see on the screenshot, it's the way apple want the users to use it.
If you haven't specified anything, you'll get
Failed to load webpage with error: The resource could not be loaded
because the App Transport Security policy requires the use of a secure
connection.
So, change it like i said and the error is gone away.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…