Guess what? iOS 9 and XCode 7 are finally out, and – like almost always – there’s the usual number of breaking changes that will drive most developers mad. Among the biggest ones there’s the new Apple Transport Security (ATS) feature, which happens to be enabled by default starting from iOS 9.0 and OSX 10.11 and will basically block any non-HTTPS connection for your App.
Yeah, you’ve read it right. Here’s the Apple official statement about that:
It improves the privacy and data integrity of connections between an app and web services by enforcing additional security requirements for HTTP-based networking requests. Specifically, with ATS enabled, HTTP connections must use HTTPS (RFC 2818). Attempts to connect using insecure HTTP fail. Furthermore, HTTPS requests must use best practices for secure communications.
This will undoubtely translate into tears of joy for a lot of developers relying to home-made web services hosted on non-HTTPS environments or non-TLS based storage services (such as Amazon AWS).