iOS 9 … Are WebView(s) exempt from the App Transport Security Exceptions (ATS) rules that block insecure HTTP hosts?

Question

In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted.

http://ste.vn/2015/06/10/configuring-app-transport-security-io

Answer 1

SFSafariViewController can show HTTP without the NSAppTransportSecurity key.

UIWebView and WKWebView require the NSAppTransportSecurity key mentioned above to display HTTP pages.