Recently apple has mandated certificate transparency for application. Possibly, after that ajax API communication stopped working in iOS 10.3. But it is working properly in iOS 11.
Following is security configuration in our application which causes the above issue.
<access minimum-tls-version=“TLSv1.2” origin="[https://abcd.dummydomain.com] requires-certificate-transparency=“true” requires-forward-secrecy=“false” />
If we make following configuration in XCode – info.plist, it works for the same server.
NSExceptionAllowsInsecureHTTPLoads = YES.
But to have this key may cause the apple rejection during release. What kind of justification we need to provide to apple? OR is there any other way to bypass this issue without having the NSExceptionAllowsInsecureHTTPLoads key in iOS 10.3?