This is not related to ATS. WebKit enforces a mixed content policy that disallows access to certain classes of "active" content (JS, CSS, etc) from being loaded over an insecure connection when the host page is being served over https.

这与 ATS 无关。WebKit 强制执行混合内容策略，当主机页面通过 https 提供服务时，该策略禁止通过不安全连接加载某些类别的“活动”内容（JS、CSS 等）。

If you examine your page in the Inspector you will see this being reported in the error panel.

如果您在 Inspector 中检查您的页面，您将看到错误面板中报告了这一点。

Follow up: You can't turn off mixed content blocking. Allowing insecure CSS or JS reduces the security of the entire page to that of the least secure resource. The solution if you must load css/js over http is to load the entire page over http. That way the UI seen by the user correctly reflects the security of the content.

跟进：您无法关闭混合内容阻止。允许不安全的 CSS 或 JS 会将整个页面的安全性降低到最不安全资源的安全性。如果您必须通过 http 加载 css/js，解决方案是通过 http 加载整个页面。这样用户看到的 UI 就正确地反映了内容的安全性。

In your info.plist you need to add the following App Transport Security keys:

在您的 info.plist 中，您需要添加以下 App Transport Security 密钥：

NSAppTransportSecurity                                      Dictionary
    NSAllowsArbitraryLoads                                  Boolean       YES
    NSExceptionDomains                                      Dictionary    
        **YOUR-DOMAIN-HERE**                                Dictionary
            NSExceptionAllowsInsecureHTTPLoads              Boolean       YES
            NSIncludesSubdomains                            Boolean       YES
            NSThirdPartyExceptionAllowsInsecureHTTPLoads    Boolean       YES

Hopefully this should work for you.

希望这对你有用。

App Transport Securityrevised in iOS9 release. Now onwards your application is safe from un secure connection. And iOS forces to make secure connection. This can be conflict in your case.

应用传输安全在 iOS9 版本中修订。现在，您的应用程序不会受到不安全连接的影响。而iOS强制进行安全连接。在您的情况下，这可能会发生冲突。

From Apple documentation

来自苹果文档

If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file

如果您的应用需要向不安全的域发出请求，则必须在应用的 Info.plist 文件中指定该域

So I think this can make an issue while loading .cssfile for web pages.

所以我认为这会在加载.css网页文件时出现问题。

So give a try specify your domain in info.plistand check that .cssfiles are loaded or not.

因此info.plist，请尝试指定您的域并检查.css文件是否已加载。

Edit:

编辑：

Spotlight: You need to add more keys here in info.plist.

聚焦：您需要在info.plist.

Look at this key NSThirdPartyExceptionAllowsInsecureHTTPLoadsthis allows a service domain which is not controlled by developer and add an exception to Transport layer to by pass insecure resources.

看看这个键，NSThirdPartyExceptionAllowsInsecureHTTPLoads它允许一个不受开发人员控制的服务域，并向传输层添加一个例外来绕过不安全的资源。

The structure for adding keys for App Transport Securityis below:

为App Transport Security添加密钥的结构如下：

For more details and explanation about all keys check this note - App Transport Security Technote

有关所有密钥的更多详细信息和说明，请查看此说明 - App Transport Security Technote

Below procedure enable me to open not secure content in WKWebView.

下面的过程使我能够在 WKWebView 中打开不安全的内容。

1. First I added Allow Arbitrary Loads in Web Content = YESand Allow Arbitrary Loads = YESin App Transport Security Settingsdictionary in info.plist.

2. I have added below wkwebview delegate method:

   func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!)) }

   For 2nd step don't forget to register delegate as:

   override func viewDidLoad() { super.viewDidLoad() self.webView.navigationDelegate = self }

1. 首先，我添加在网页内容允许在任意荷载作用= YES，并允许任意负载= YES在应用程序传输的安全设置中的Info.plist字典。

2. 我在 wkwebview 委托方法下面添加了：

   func webView(_ webView: WKWebView, didReceive Challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) { completionHandler(.useCredential, URLCredential(trust: Challenge.protectionSpace.serverTrust!)) }

   对于第二步，不要忘记将委托注册为：

   覆盖 func viewDidLoad() { super.viewDidLoad() self.webView.navigationDelegate = self }

On Xcode 8.3.3 (8E3004b)

在 Xcode 8.3.3 (8E3004b) 上

It has changed to

它已更改为

App Transport Security Settings> Allow Arbitrary Loads in Web Content> YES

App Transport Security Settings> Allow Arbitrary Loads in Web Content>YES

I use webkit tool but i can't open the link that ssl not allow (some https links) and it's work on swift4 by this code (you must declare delegate before)

我使用 webkit 工具，但我无法打开 ssl 不允许的链接（某些 https 链接），并且它可以通过此代码在 swift4 上工作（您必须先声明委托）

override func viewDidLoad() {
    super.viewDidLoad()

    let url = URL(string: currentAttach.fileUrl!)
    let req = URLRequest(url:url!)
    self.webView!.load(req)
    self.webView.navigationDelegate = self

    }
}

extension ViewController: WKNavigationDelegate{

    //MARK:- WKNavigationDelegate
    //For Allow SSL https
    func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        completionHandler(.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))
    }

    func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: Error) {
        print(error.localizedDescription)
    }

    func webView(_ webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
        print("Strat to load")
        startLoading()
    }

    func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
        print("finish to load")
        stopLoading()
    }

}