Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security.

This helps in enforcing security best practices, but in many scenarios, you, the developer, don’t control the server, or if you do, you want to load external content like arbitrary links in an in-app browser.

If you try to make HTTP requests with ATS enabled (using NSURLSession or libraries like AFNetworking), you’ll see errors like this:

Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo=0x12ed5bad0 {NSUnderlyingError=0x12ee495b0 "The operation couldn’t be completed. (kCFErrorDomainCFNetwork error -1004.)" Or this: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) Or this: App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

Here’s how to disable ATS entirely. Open Info.plist, and add the following lines:

Your Info.plist should look like this after adding these lines: Please keep in mind that this solution should be your last resort. You’d ideally want to enable HTTPS on your service, or next, whitelist domains on which you want HTTP and if none of this is possible, then use this approach. Refer to this post for the finer details.