App Transport Security and Numbered IPs

My application fetches content from a CDN-like server with a numbered IP (something like 42.42.42.42). This is over http and not https. I would like to know whether this traffic will go through if ATS is enabled. From what I saw, it is not possible to add a numbered IP as an NSExceptionDomain.

Replies

From what I saw, it is not possible to add a numbered IP as an NSExceptionDomains.

Correct.

My application fetches content from a CDN-like server with a numbered IP (something like 42.42.42.42)

I recommend against this. Even if you ignore the ATS side of things, you still have to deal with IPv6-only networks (DNS64/NAT64). While IPv4 numbers do work in that context, due to the magic of RFC 7050, at least on modern systems, you’re very much relying on a compatibility crutch. It would be better, IMO, to give each node in your CDN a DNS name.

This is over http and not https.

I strongly recommend against using HTTP here. HTTPS protects the user from various threats, even when the actual content is public.

I would like to know whether this traffic will go through if ATS is enabled.

That depends on your OS release:

  • On iOS 10 ATS is not applied to requests that target an IP address.

  • On iOS 9 ATS is applied to requests that target an IP address. And, as you’ve noted, there’s no way to add an exception for these, so you have to use some wide-ranging exception.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for the quick reply!

Out of curiosity, why is there a difference in behaviour on the applicability of ATS on IP addresses, in iOS10 and iOS9?

Out of curiosity, why is there a difference in behaviour on the applicability of ATS on IP addresses, in iOS10 and iOS9?

Honestly, I don’t know for sure. I suspect it was tied into the implementation of NSAllowsLocalNetworking (it’s very hard to determine what is a local IP address in the general case) but that’s not something I ever managed to confirm.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"