Open Radar

 
Quoting from this page:

https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html, under the section "Availability of ATS for Remote and Local Connections"

--------------------------
App Transport Security (ATS) applies only to connections made to public host names. The system does not provide ATS protection to connections made to:

• Internet protocol (IP) addresses
• Unqualified host names
• Local hosts employing the .local top-level domain (TLD)

To connect to an unqualified host name or to a .local domain, you must set the value of the NSAllowsLocalNetworking key to YES.

Note: Although ATS is unenforced for connection to local hosts, Apple strongly recommends using Transport Layer Security (TLS) for any local connection, along with the use of a self-signed certificate to validate the local IP address.
--------------------------


There are a couple of problems here, IMO:

- This sentence "App Transport Security (ATS) applies only to connections made to public host names. The system does not provide ATS protection to connections made to:" makes it imply that ATS will not apply to the following list. However, that is only true if you set the value of the NSAllowsLocalNetworking key to YES. By default, all of these types will raise an ATS error by default. (I tried both an IP address and a .local domain address without specifying NSAllowsLocalNetworking, and in both cases I received an ATS error).

- The note underneath the 3 bullets, "To connect to an unqualified host name or to a .local domain, you must set the value of the NSAllowsLocalNetworking key to YES." made me think that IP Addresses were different, and I would be able to connect to an IP Address without doing anything. That is incorrect. I need to set the value of NSAllowsLocalNetworking to YES to connect to an IP Address.

This section of the documentation should be modified to mention that you must set NSAllowsLocalNetworking to YES for any of the following to apply.