Judging by the screenshot, it appears you might be using a .dev domain. If so, you will not be able to disable ATS because Google owns the .dev domain, and they have chosen to require all .dev domains require HTTPS. In iOS 11, Apple supports HSTS preloading, which allows certain domains to be restricted to secure connection only. The .dev top-level domain (TLD) is now one of those TLDs that require HTTPS. See more about that here: https://stackoverflow.com/a/47698675/3708242
You screenshot includes an ATS exception that ends in .dev, but your comments specify a different domain. I'm assuming that maybe there are multiple exceptions in your Info.plist, and you use the .dev for internal testing against a local server. If that is the case, simply change the domain for your internal testing to something other than *.dev
. Also, not that the exception in your screenshot is not correct, as it includes http:// in the exception domain. Instead of an entry in the InfoPlist like "http://mylocalserver.local", you should just have "mylocalserver.local" (no http://).
If your entry for abc.pqr.lmn
is the same (it also includes the protocol in the exception domain), remove the "http://" and it should work.
Also, your exceptions list is a bit of a mess. If you are not using https at all, you should be able to remove all the entries except for NSExceptionAllowsInsecureLoads
. All the other settings you specify are for if you want to allow for HTTPS connections that don't support the minimum requirements for ATS. If you are just trying to non-secure HTTP traffic, get rid of the others.
So in summary:
- Don't use a .dev domain for local testing, as Google owns the top-level domain now and requires all new browsers / OSs to use HTTPS when connecting to anything that ends in .dev.
- Don't include "http://" in your ATS exception domains in your Info.plist
- It doesn't have anything to do with it being in Objective-C - it has to do with iOS 11 implementing HSTS preloading.