App Transport Security and IP addresses in iOS9

I develop my iOS app using a local server running on my dev box. When testing on devices, I connect directly via an IP address, which is over HTTP and not HTTPS (so I don't have to deal with self-signed certs while in development, which the device wouldn't even like anyways).

I thought that this would be sufficient:

enter image description here

However, cannot get it to work without also adding NSAllowsArbitraryLoads = YES, AKA this:

enter image description here

Now, I will have to remember to remove this when rolling a production build but not during development...arg. Should the NSExceptionDomains work with IP addresses, and if not, is there anything else I can do without also enabling NSAllowsArbitraryLoads?


Hard-coded IP address wont work in iOS9. I also faced the same issue. Tried all permutations & combinations of available solutions. Finally, had to use a proper domain name.

So, NO.In iOS9 you just can't get away with hard-coded IP addresses.


is there anything else I can do without also enabling NSAllowsArbitraryLoads?

One workaround is to use xip.io, as explained by QJeffR in this Apple Developer Forums thread (which was shared by David L in his comment):

A DNS call to (for example) 10.0.1.8.xip.io will resolve to 10.0.1.8, allowing use of the domain instead of the IP address for the NSExceptionDomains key.


As @PanxShaz said you can't put an hardcoded IP address but you can use an easy workaround:

  1. Open your /etc/hosts file using sudo and add a new local domain name for your ip address. Example:

    192.168.99.100 docker-host.localhost

  2. Then flush your DNS :

    dscacheutil -flushcache

  3. And finally use this new local domain in your app transport security exceptions.


If you are targeting iOS 10+, just set the NSAllowsLocalNetworking flag.