App Transport Security Exclusions
With iOS 9, Apple has introduced App Transport Security (ATS) - a new security system requiring all requests made within the app to have a secured network connection.
Many native iOS apps written before iOS 9 use unsecured connections for simple REST requests or loading images from an image server. To ensure these requests are accepted in iOS 9, you may need to modify the
Info.plist within the app.
ATS will reject any unsecured (HTTP) requests from being made. It will also reject secured (HTTPS) requests if they do not use best practices for secure communications.
This security measure will most likely affect the loading of image URLs that Personalization has provided. Therefore, it is best to test the loading of images within the app to determine whether or not it is necessary to make an exception for your image server.
It may be challenging to determine whether or not App Transport Security is rejecting the loading of images. The only sign would be a
UIImageView not displaying a
UIImage. You may see errors in your console output that reference ATS directly. To determine whether the image data is loaded correctly, it is best to put a breakpoint in the campaign handler.
Apple does offer a way to configure ATS from within your
Info.plist file. You can opt-out of specific domains by using
NSExceptionDomains. For information on making domain exceptions, refer to the Apple Cocoa Keys documentation on