iOS 9 ... Are WebView(s) exempt from the App Transport Security Exceptions (ATS) rules that block insecure HTTP hosts?

ios uiwebview ios9 wkwebview app-transport-security
Ben Guild picture Ben Guild · Jun 26, 2015 · Viewed 17.8k times · Source

In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted.

http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

Are WebView(s) exempt from these rules for obvious reasons, or are we still expected to whitelist hosts that a browser opens... including all links from a given page?

I wasn't sure if this was our responsibility or if that was exempt.

Answer

cannyboy picture cannyboy · Jul 15, 2015

SFSafariViewController can show HTTP without the NSAppTransportSecurity key.

UIWebView and WKWebView require the NSAppTransportSecurity key mentioned above to display HTTP pages.

Related questions

How to load local html file into UIWebView

I'm trying to load a html file into my UIWebView but it won't work. Here's the stage: I have a folder called html_files in my project. Then I created a webView in interface builder and assigned an outlet to …

Read More
Can I set the cookies to be used by a WKWebView?

I'm trying to switch an existing app from UIWebView to WKWebView. The current app manages the users login / session outside of the webview and sets the cookies required for authentication into the the NSHTTPCookieStore. Unfortunately new WKWebView doesn't use the …

Read More
UIWebView open links in Safari

I have a very simple UIWebView with content from my application bundle. I would like any links in the web view to open in Safari instead of in the web view. Is this possible?

Read More