With iOS 9, Apple introduced App Transport Security (ATS). ATS makes applications safer and more secure by prohibiting the use of non-HTTPS resources. This is a great security feature, as it protects your users from a wide range of attacks that can be executed on regular HTTP connections.
If you paid close attention to the URL we were using to fetch movies, you would have noticed that we attempted to use an HTTPS resource, so we should be fine. However, our network requests are still blocked by ATS. Why is this?
Well, Apple has strict requirements. At the time of writing this book, the movie database used the SHA-1 signing of certificates, whereas Apple required SHA-2. Because of this, we will need to circumvent ATS for now. Our users should be safe regardless, since the movie database supports HTTPS, just not the version Apple considers to be secure enough.
To do this, open the Info.plist file and add a new dictionary key named App Transport Security Settings. In this dictionary, you will need an Exception Domains dictionary. Add a new dictionary key named themoviedb.org to this dictionary and add two Booleans to this dictionary. Both should have YES as their values, and they should be named NSIncludesSubdomains and NSTemporaryExceptionAllowsInsecureHTTPLoads. Refer to the following screenshot to make sure that you've set this up correctly:
If you add a new movie to a family member now, nothing updates yet. However, if you go back to the family overview and then back to the family member, you'll see that the rating for the most recent movie is updated. Great! Now all we need to do is make sure that we observe the managed object context for updates to the movies so we can reload them if their rating changes.