iOS9 does not load insecure resources from a secure page (SSL/HTTPS)

This is not related to ATS. WebKit enforces a mixed content policy that disallows access to certain classes of "active" content (JS, CSS, etc) from being loaded over an insecure connection when the host page is being served over https.

If you examine your page in the Inspector you will see this being reported in the error panel.


Follow up: You can't turn off mixed content blocking. Allowing insecure CSS or JS reduces the security of the entire page to that of the least secure resource. The solution if you must load css/js over http is to load the entire page over http. That way the UI seen by the user correctly reflects the security of the content.


In your info.plist you need to add the following App Transport Security keys:

NSAppTransportSecurity                                      Dictionary
    NSAllowsArbitraryLoads                                  Boolean       YES
    NSExceptionDomains                                      Dictionary    
        **YOUR-DOMAIN-HERE**                                Dictionary
            NSExceptionAllowsInsecureHTTPLoads              Boolean       YES
            NSIncludesSubdomains                            Boolean       YES
            NSThirdPartyExceptionAllowsInsecureHTTPLoads    Boolean       YES

Hopefully this should work for you.