Xcode-beta (7A192o): NSURLSession when sending HEAD request, it will not respect NSAppTransportSecurity exception

Originator:francis
Number:rdar://22488451 Date Originated:29-Aug-2015
Status:Open Resolved:NO
Product:Developer Tools Product Version:
Classification: Reproducible:
 
Summary:
When use NSURLSession to sending a HEAD request, with custom delegate to disable redirect, the session will not respect NSAppTransportSecurity. 

i.e. All request will timeout if they are not https, even we made an exception in NSAppTransportSecurity.

Steps to Reproduce:
1. In Info.plist set NSAppTransportSecurity > NSAllowsArbitraryLoads = YES
2. Made a custom NSURLSession with delegate to disable redirect
3. Made a HEAD request.

Expected Results:
The HEAD request should success.

Actual Results:
The HEAD request failed with timeout.

Notes:

If it is not a HEAD request but a GET request, the session will run properly. 
If the URL is a HTTPS URL, the session will run properly.

Sample project to reproduce the issue: https://www.dropbox.com/s/4iezu0q36jp1ylj/HTTPHead.zip?dl=0 

Please check the HTTPHeadTests.swift (https://github.com/siuying/RadarSample/blob/master/HTTPHead/HTTPHeadTests/HTTPHeadTests.swift)

Comments

NSURLSession will not respect NSAppTransportSecurity exception if redirect is disabled with delegate

Further tests show that only the delegate affect the result, not the request method.


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!