23249269: App Transport Security difficult to work with when working with IP addresses on the local network

[openradar-mirror]

Description

Summary: I'm working with hardware on the local network that's discovered at runtime using either NSNetServiceBrowser or SSDP. This hardware communicates using unencrypted HTTP, meaning it's blocked by default by App Transport Security. There doesn't appear to be a good way of whitelisting said devices using ATS.

Steps to Reproduce:

1. In the default configuration, try to connect to a HTTP service running on the local network.
2. See that it's blocked by App Transport Security by default.
3. Attempt to whitelist the service in a sensible way using the NSAppTransportSecurity family of Info.plist keys

Expected Results: I'd expect there to be a way to whitelist IP blocks for e.g. local networks. This way, I could whitelist the following:

10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

…and still keep App Transport Security for connections to the outside world.

Actual Results: It's impossible to whitelist services on the local network. The only way I've been able to get around this is to completely disable App Transport Security for my application using NSAllowsArbitraryLoads: YES.

Version: iOS 9.1

Notes:

Configuration: iPhone 6s

Attachments:

Product Version: Created: 2015-10-24T23:33:28.863380 Originated: 2015-10-24T16:32:00 Open Radar Link: http://www.openradar.me/23249269

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860

[openradar-mirror]

Modified: 2015-10-24T23:33:28.869860