Disable App Transport Security in Xcode 9.2?

Question

I cannot disable App Transport Security (ATS) in Xcode 9.2. I have been (for years) disabling ATS when running builds against my local server environment like so:

Transp

Answer 1

On the navigator on the left-hand side of the screen in XCode, click your main project file, in which all the files and folders are stored. Click on the Info tab. Under "Custom iOS Target Properties", you used to see an option to change the App Transport Security Settings (ATS). It is not explicitly stated, but still available.

As you mouse over the options, you should see a + in a small circle. Click on it. XCode will prompt you to create an "Application Category". IN that list that appears, scroll up and select "App Transport Security Settings".

Click on that option. Once that is created, it should prompt you to change the BOOL value (default should be "NO"). At the far right, you should see a set of up and down arrows. Click on this to change the BOOL to yes.

Answer 2

I didn't originally put it together, but I think what is happening is that with iOS 11, Apple is supporting HSTS. I believe that support for HSTS preload lists, in combination with Google recently adding the .dev TLD to the HSTS preload list, is likely causing iOS to try to force you to use https, which is failing (I missed that you are trying to use a .dev local domain for testing, which is really the key element here).

I think your only solution is to change your local testing domain to something other than a .dev domain. If you do that, you should be able to connect, and it won't try to force you to https on your local dev environment.

In short, Google has gotten rights to the .dev top level domain, and recently added it to the HSTS preload list to force all communication with .dev domains to be secure. On devices that support HSTS preload lists, this causes all traffic to redirect through HTTPS, which will cause errors on servers that don't support HTTPS.