WKWebView http -> https redirection for iOS 10 ATS Compliance

Question

iOS 10 has foisted https upon us and totally broken an application I'm developing. The application is partly an RSS reader. The URLs we get from the RSS feeds are often HTTP URLs, both for the sites, and the metadata images. These HTTP URLs are redirected to the https versions when available just fine in safari and SFSafariViewController. However, when using WKWebView, this redirection does not happen. The OS just blocks the non-https load altogether. If I try to hack around the issue by swapping "http" for "https" in the URL, often the sites break as they load their images, CSS and JavaScript from HTTP CDNs and those requests get blocked too. How can I get the same behavior in WKWebView as seen in Safari? Is there a configuration I can set? It seems crazy to me that Apple would make this change and just break clients using WKWebView.

P.S. Facebook is able to work around this somehow. I can't tell if it's a heavily hacked SFSafariViewController or they've somehow made the web view work. Does anyone know how they've accomplished this?

Answer 1

Use NSAllowsArbitraryLoads. The key is still available for use; Apple just wants to make sure you have a good reason to use it. Displaying external content inside your app qualifies as such. Once the Apple ATS rules go into effect, you will need to provide an explanation why you need it, and why NSAllowsArbitraryLoadsInWebContent is not enough. Since you already have answers for that, there should be no problem getting your app pass the review process with NSAllowsArbitraryLoads.

As a note, Apple has postponed ATS requirement and will not go into effect in January 2017.