I was wondering how a sample app (https://developer.apple.com/library/ios/samplecode/sc1791/Introduction/Intro.html) from Apple was able to establish "clear" http connection without any App Transport Security exception. I thought initially that it was the AVFoundation automatic exception for encrypted HLS mentioned during the WWDC 2016 (lecture 706). But I can't reproduce it with my app.
There seems to be an automatic ATS exception for clear http request to *.apple.com. The very simple ios app code below shows funny results:
#import "ViewController.h"
@interface ViewController ()
@end
@implementation ViewController
- (void) loadUrl:(NSString*)url {
NSData* data = [[NSData alloc] initWithContentsOfURL:[NSURL URLWithString:url]];
if ( data == nil ) {
NSLog (@"Failed %@", url);
} else {
NSLog(@"Success %@", url);
}
}
- (void)viewDidLoad {
[super viewDidLoad];
// Do any additional setup after loading the view, typically from a nib.
setenv("CFNETWORK_DIAGNOSTICS", "3", 1);
[self loadUrl:@"http://images.apple.com/v/ipad-pro/d/built/styles/main.built.css"];
// P.S. images.apple.com = 23.204.108.40
[self loadUrl:@"http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css"];
[self loadUrl:@"http://stackoverflow.com/"];
}
- (void)didReceiveMemoryWarning {
[super didReceiveMemoryWarning];
// Dispose of any resources that can be recreated.
}
@end
The output log is:
2016-07-08 17:58:33.003 test_ats[1392:79179] CFNetwork diagnostics log file created at: /Users/-------/Library/Developer/CoreSimulator/Devices/67E929A8-9487-404B-87C1-35FB38CD67DE/data/Containers/Data/Application/D4D0CA81-889E-4E58-A4F8-DBDDB516AC1B/Library/Logs/CrashReporter/CFNetwork_com.------.test-ats_1392.nwlrb.log
2016-07-08 17:58:33.085 test_ats[1392:79130] Success http://images.apple.com/v/ipad-pro/d/built/styles/main.built.css
2016-07-08 17:58:33.086 test_ats[1392:79189] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2016-07-08 17:58:33.086 test_ats[1392:79130] Failed http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css
2016-07-08 17:58:33.087 test_ats[1392:79130] Failed http://stackoverflow.com/
The network diagnostic file shows that the first http request passed and two others were blocked by ATS (if -1022 is indeed ATS)
[...]
Response Error
Request: <CFURLRequest 0x7fa328c4e5c0 [0x10e795a40]> {url = http://23.204.108.40/v/ipad-pro/d/built/styles/main.built.css, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"
[...]
Response Error
Request: <CFURLRequest 0x7fa328c54240 [0x10e795a40]> {url = http://stackoverflow.com/, cs = 0x0}
Error: Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"
[...]