ATS Configuration on Node.js with Express.js on Https

Question

I have a node.js server that must receive json calls from a node.js application that uses express to manage routers, the iOS application makes calls to routers passing json values. I also add that if I work in http I do not have any kind of problem!

My problem is that I can not configure the apple ATS. How can I do?

Below I entered both the code and the information related to Info.plist.

Error:

ATS Default Connection
2018-05-18 08:54:14.070 nscurl[7310:57407] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
Result : FAIL
---

Swift:

func Login(Username: String, Password: String, completion: @escaping (Int) -> ())
    {
        let semaphore = DispatchSemaphore(value: 1)
        semaphore.wait()
        let db = Database() /* https://172.16.53.247:8989 */
        let json: [String: Any] = ["Username": "" + Username, "Password": "" + Password]
        let jsonData = try? JSONSerialization.data(withJSONObject: json)
        var request = URLRequest(url: URL(string: db.GetServerURL() + "/login")!)
        request.httpMethod = "POST"
        request.httpBody = jsonData
        let task = URLSession.shared.dataTask(with: request) { data, response, error in
            guard let data = data, error == nil else {
                print(error?.localizedDescription ?? "No data")
                completion(0)
                return
            }
            let responseJSON = try? JSONSerialization.jsonObject(with: data, options: [])
            if let responseJSON = responseJSON as? [String: Any] {
                let read = responseJSON["return"]!
                let IdUser=Int(String(describing: read))!
                if (IdUser > 0) {

                    completion(IdUser)
                }
                else {
                    completion(0)
                }
            }

        }
        task.resume()
        semaphore.signal()
    }

Node.js Server:

const fs = require('fs');
const http = require('http');
const https = require('https');
const express = require('express');

const port = 8989;

const options = {
    key: fs.readFileSync('./Config/server-key.pem'),
    cert: fs.readFileSync('./Config/server-cert.pem'),
};

var app = express();

var server = https.createServer(options, app).listen(port, function(){
  console.log("Express server listening on port " + port);
});

app.get('/', function (req, res) {
    res.writeHead(200);
    res.end("hello world\n");
});


module.exports = app;

ATS Configuration:

Answer 1

I was looking for a solution to your problem and found a problem that ATS exceptions do not work with IP addresses.

So I found two possible solutions:

1) Convert your IP address to a real domain name. You may use xip.io service to "convert" the local IP address to a domain name.

2) Turn off ATS altogether:

<key>NSAppTransportSecurity</key>
   <dict>
       <key>NSAllowsArbitraryLoads</key>
       <true/>
   </dict>

While this solution is known to be vulnerable, it is the only solution I would recommend during development.