Hi,
I started this thread almost a year ago, because of the issues of App Transport Security in combination with local/private networks. The workaround eskimo posted for bonjour based hostnames (.local) is nice, but not a solution for every case. In my opinion something like NSAllowsArbitraryLoadsLocalNetworkOnly is still needed.
I just looked throught the iOS 10 Beta API docs and unfortunately I can't see any addtions that go into that direction. The only new addition seems to be NSAllowsArbitraryLoadsInWebContent, which is only relevant for Web-Content (WKWebKit).
Apple today at WWDC also announced, that ATS is mandatory by the end of 2016 for all AppStore submissions.
I am aware that iOS 10 is in Beta and there might be still additions, but the current state of things makes me quite worried.
The general concept of ATS and protecting users is great, but for applications doing data transfer on the private/local network its use is just not practical in many cases (there are plenty of examples in this thread).
@eskimo: You know the internal processes at Apple better than any of us here. There were numerous bug reports filled for this issue in 2015 and also (I assume) several DTS incidents. What can we do that the issue gets the required attention and the actual framework developers take a look at it?
Cheers,
Hendrik