Safari on iOS 15 and macOS Monterey Automatically Upgrades Web Connections to HTTPS on Compatible Sites for Improved Security.

The release of this feature has created disruption in the onboarding process for new installations of our M-Pesa App on iOS devices. This is because, when using our app for the first time, we use a plain text HTTP session with header enrichment containing the mobile number of the customer to later send a token as some sort of 2FA. Because of this feature, and the HTTP sessions being upgraded to HTTPS, we fail to enrich the header, and therefore the flow gets stuck. Although we are working on an alternative OTP solution, we would like to know if there is no specific device setting that can whitelist this activation URL from this HTTPS upgrade feature?