Why must I use HTTPS when inserting data via Craft?

Background

With the release of Sketch v42, Bohemian Coding has begun enforcing a macOS-level preference that requires that all web traffic that Sketch generates uses HTTPS. This is something Apple strongly recommends to improve the security of applications, but as a consequence this means that websites which don’t support HTTPS won’t be accessible when trying to pull data via Craft Data’s web and JSON options.

For example, trying to pull data via Craft Data from http://blog.invisionapp.com/ won’t work because it’s using HTTP not HTTPS. Attempting to access this site via Craft Data will display a message: 

In older versions of Craft Data you might instead see:

The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.

For more on the difference between HTTP and HTTPS we encourage you to check out https://www.entrepreneur.com/article/281633 which provides a good (though slightly technical) summary of the situation.

Workaround

If attempting to access a site that begins with http:// then changing this to https:// may allow access if the website supports HTTPS. For example, changing http://www.weather.com to https://www.weather.com should enable this site to be used with Craft.

Unfortunately, not all sites do support HTTPS at this time. For example, changing http://www.cnn.com to https://www.cnn.com will display a broken page. At this time, there’s nothing we can do to workaround this limitation since it is a fundamental limitation of Sketch as of v42.