ChatGPT解决这个技术问题 Extra ChatGPT

Android 8: Cleartext HTTP traffic not permitted

I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8: 

08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

(I've removed package name, URL and other possible identifiers)

On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file. I tried to find some mention of this on Google info about Android O, but without success.

This happens on an app I maintain because the server redirects from HTTPS to HTTP in some instances.
check here codechacha.com/en/android-cleartext-http-traffic-issue

N
Nick

According to Network security configuration -

Starting with Android 9 (API level 28), cleartext support is disabled by default.

Also have a look at Android M and the war on cleartext traffic

Codelabs explanation from Google

Option 1 -

First try hitting the URL with https:// instead of http://

Option 2 -

Create file res/xml/network_security_config.xml - 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:networkSecurityConfig="@xml/network_security_config"
        ...>
        ...
    </application>
</manifest>

Option 3 -

android:usesCleartextTraffic Doc

AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -

According to Manifest Docs -

android:targetSandboxVersion The target sandbox for this app to use. The higher the sandbox version number, the higher the level of security. Its default value is 1; you can also set it to 2. Setting this attribute to 2 switches the app to a different SELinux sandbox. The following restrictions apply to a level 2 sandbox: The default value of usesCleartextTraffic in the Network Security Config is false. Uid sharing is not permitted.

So Option 4 -

If you have android:targetSandboxVersion in <manifest> then reduce it to 1

AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
    <uses-permission android:name="android.permission.INTERNET" />
    ...
</manifest>
@HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…
Does ClearText HTTP mean that they were just using a http site instead of https?
What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?
This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.
@林果皞 it'll be easy for google play store to eventually just ban apps that use this flag
P
Pablo Cegarra

My problem in Android 9 was navigating on a webview over domains with http The solution from this answer 

<application 
    android:networkSecurityConfig="@xml/network_security_config"
    ...>

and:

res/xml/network_security_config.xml 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
Can I somehow rewrite this in gradle?
Not working for me. I can't get my emulator to connect to 10.0.2.2
Thi is not the "safest" thing to do on release builds.
How if I wan to put port number together?
Worked nicely for me! Thanks!
P
Praveenkumar

In the AndroidManifest I found this parameter: 

android:networkSecurityConfig="@xml/network_security_config"

and @xml/network_security_config is defined in network_security_config.xml as: 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!--Set application-wide security config using base-config tag.-->
    <base-config cleartextTrafficPermitted="false"/>
</network-security-config>

just I changed cleartextTrafficPermitted to true

Perfetct. More information here: codelabs.developers.google.com/codelabs/…
Reinstall the app after the changes
The only answer it worked for me (I had to create the file and add the parameter).
Not good practise to disable ssl requirements unless this was for internal app of course. But even then should never be disabled.
T
Tyler

You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:

In build.gradle: 

// Put this in your buildtypes debug section:
manifestPlaceholders = [usesCleartextTraffic:"true"]

// Put this in your buildtypes release section
manifestPlaceholders = [usesCleartextTraffic:"false"]

In the application tag in AndroidManifest.xml 

android:usesCleartextTraffic="${usesCleartextTraffic}"
it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...
Question: when the app uses web servers that can be http or https by design, will usesCleartextTraffic:"false" even matter if the http urls need to be able to use the web services? So setting it to true means the https services by default don't send clear text anyway?
s
suther

Ok, that's ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which based on this, but give you additional Benefit (and maybe some Background Info).

Following solution allow you to set the protocol (HTTP / HTTPS) per ENVIRONMENT.

This way you are able to use http for your DEV-Environment, and https for your PRODUCTION-Environment, without the need to change it all the time! And this is needed, because generally you don't have an https-certificate for your local or dev environment, but it's a MUST-HAVE for production (and maybe for staging) environments.

Android has a kind of overwriting functionality for the src-Directory.

By default, you have

/app/src/main

But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:

Create the Directory /app/src/debug

Inside create the AndroidManifest.xml

Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml

Here an Example how it looks like for the requested CLEARTEXT-Permission: 

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.yourappname">

    <application
            android:usesCleartextTraffic="true"
            android:name=".MainApplication"
            android:label="@string/app_name"
            android:icon="@mipmap/ic_launcher"
            android:allowBackup="false"
            android:theme="@style/AppTheme">
    </application>

</manifest>

With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.

The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure

This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!
e
eli

If possible change your url's from HTTP to HTTPS;

It works out!!!

how is this upvoted? you'll get a handshake exception if your server url isn't https
upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.
@beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.
@beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.
The answer is ignorant of the question. Unlike people in small companies, sometime you don't have an SSL for every staging server. The answer is as bad as someone correcting grammar in a Facebook post and this doesn't answer the question at all, nor does it fix it.
L
Lorence 
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
    </domain-config>
</network-security-config>

In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/

I changed that to xyz.abc.com then it started working.

Domain != URL. "http" is the protocol. The protocol is never part of the domain.
This is correct, only FQDN are being supported there, no IP addresses (fixed that above).
Not working for domain 10.0.2.2. Should I add the port number?
How If I am using ip address instead of domain?
E
El_o.di

It could be useful for someone.

We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this. So the fix was in changing links from http to https

If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.
This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.
"we didn't want to compromise security of the whole app", what security risks can it cause? In my case there is not one URL so i can't add them in manifest.
Hi @RobertWilliams it just means that clear traffic would non encrypted traffic would be allowed. Here is a blogpost medium.com/@son.rommer/…
E
Erick M. Sprengel

For React Native projects

It was already fixed on RN 0.59. You can find on upgrade diff from 0.58.6 to 0.59 You can apply it without upgrading you RN versionust follow the below steps:

Create files:

android/app/src/debug/res/xml/react_native_config.xml - 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="false">localhost</domain>
    <domain includeSubdomains="false">10.0.2.2</domain>
    <domain includeSubdomains="false">10.0.3.2</domain>
  </domain-config>
</network-security-config>

android/app/src/debug/AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
  xmlns:tools="http://schemas.android.com/tools">

  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

  <application tools:targetApi="28"
      tools:ignore="GoogleAppIndexingWarning" 
      android:networkSecurityConfig="@xml/react_native_config" />
</manifest>

Check the accepted answer to know the root cause.

I use react-native 0.59.5 and i having the same problem, we have to setting manually the AndroidManifest.xml as you suggest.
Thank you It helped Due to google policy I have to made android:usesCleartextTraffic="false" then I had the problem of running react-native from local in the simulator I did apply the above steps and it worked for me.
c
creativecoder

I have removed this line from the android manifest file which is already there 

 android:networkSecurityConfig="@xml/network_security_config"

and added 

android:usesCleartextTraffic="true"

this in to application tag in manifest 

<application
    android:usesCleartextTraffic="true"
    android:allowBackup="true"
    android:label="@string/app_name"
    android:largeHeap="true"
    android:supportsRtl="true"
    android:theme="@style/AppTheme"
    >

then this error Cleartext HTTP traffic to overlay.openstreetmap.nl not permitted is gone for me in android 9 and 10.I hope this will work for android 8 also if it is helped you don't forget to vote thank you

Saved my day. Many thanks 😊 ☺️
Won't it effect to any existing functionality of app?
S
Sam Shaba

Adding ... android:usesCleartextTraffic="true" ... to your manifest file may appear to fix the problem but it opens a threat to data integrity.

For security reasons I used manifest placeholders with android:usesCleartextTraffic inside the manifest file (like in Option 3 of the accepted answer i.e @Hrishikesh Kadam's response) to only allow cleartext on debug environment.

Inside my build.gradle(:app) file, I added a manifest placeholder like this: 

    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }

        debug {
            manifestPlaceholders.cleartextTrafficPermitted ="true"
        }
    }

Note the placeholder name cleartextTrafficPermitted at this line above 

            manifestPlaceholders.cleartextTrafficPermitted ="true"

Then in my Android Manifest, I used the same placeholder ...

AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="${cleartextTrafficPermitted}"
        ...>
        ...
    </application>
</manifest>

With that, cleartext traffic is only permitted under the debug environment.

H
Hemant Ramphul

Simple and Easiest Solution [Xamarin Form]

For Android

Goto Android Project, then Click on Properties,

https://i.stack.imgur.com/oVc2y.png

Open AssemblyInfo.cs and paste this code right there: [assembly: Application(UsesCleartextTraffic =true)]

https://i.stack.imgur.com/npJHb.png

For iOS

Use NSAppTransportSecurity:

https://i.stack.imgur.com/xD7n9.png

You have to set the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your info.plist file. 

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>

https://i.stack.imgur.com/Fh3GC.png

this works like a charm, superb @Hemant Ramphul
Absolutely superb!
C
Community

Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:

Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security. The default value of this attribute is 1.

It obviously also adds new level of security policy, at least on Android 8.

S
SushiHangover

To apply these various answers to Xamarin.Android, you can use class and assembly level Attributes vs. manually editing the AndroidManifest.xml

Internet permission of course is needed (duh..): 

[assembly: UsesPermission(Android.Manifest.Permission.Internet)]

Note: Typically assembly level attributes are added to your AssemblyInfo.cs file, but any file, below the using and above the namespace works.

Then on your Application subclass (create one if needed), you can add NetworkSecurityConfig with a reference to an Resources/xml/ZZZZ.xml file: 

#if DEBUG
[Application(AllowBackup = false, Debuggable = true, NetworkSecurityConfig = "@xml/network_security_config")]
#else
[Application(AllowBackup = true, Debuggable = false, NetworkSecurityConfig = "@xml/network_security_config"))]
#endif
public class App : Application
{
    public App(IntPtr javaReference, Android.Runtime.JniHandleOwnership transfer) : base(javaReference, transfer) { }
    public App() { }

    public override void OnCreate()
    {
        base.OnCreate();
    }
}

Create a file in the Resources/xml folder (create the xml folder if needed).

Example xml/network_security_config file, adjust as needed (see other answers) 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">www.example.com</domain>
          <domain includeSubdomains="true">notsecure.com</domain>
          <domain includeSubdomains="false">xxx.xxx.xxx</domain>
    </domain-config>
</network-security-config>

You can also use the UsesCleartextTraffic parameter on the ApplicationAttribute: 

#if DEBUG
[Application(AllowBackup = false, Debuggable = true, UsesCleartextTraffic = true)]
#else
[Application(AllowBackup = true, Debuggable = false, UsesCleartextTraffic = true))]
#endif
How does this work if you are not on a doamin and on a local host address of 192.168 the applicaiton will not be live out on the internet but a local network
and what is the syntax for xamrian forms
@rogue39nin Use the last part of my answer : UsesCleartextTraffic = true
S
Steve Rogers

While the working answer, for me, was this by @PabloCegarra: 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

You may receive a security warning regarding the cleartextTrafficPermitted="true"

If you know the domains to 'white list' you should mix both accepted answer and the above one: 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">books.google.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>

This code is working for me, but my app needs to retrieve data from books.google.com only. By this way the security warning disappears.

G
Gvs Akhil

Update December 2019 ionic - 4.7.1 

<manifest xmlns:tools=“http://schemas.android.com/tools”>

<application android:usesCleartextTraffic=“true” tools:targetApi=“28”>

Please add above content in android manifest .xml file

Previous Versions of ionic

Make sure you have the following in your config.xml in Ionic Project: Run ionic Cordova build android. It creates Android folder under Platforms Open Android Studio and open the Android folder present in our project project-platforms-android. Leave it for few minutes so that it builds the gradle After gradle build is finished we get some errors for including minSdVersion in manifest.xml. Now what we do is just remove from manifest.xml. Make sure its removed from both the locations: app → manifests → AndroidManifest.xml. CordovaLib → manifests → AndroidManifest.xml. Now try to build the gradle again and now it builds successfully Make sure you have the following in Application tag in App → manifest → Androidmanifest.xml: Open network_security_config (app → res → xml → network_security_config.xml). Add the following code: xxx.yyyy.com

Here xxx.yyyy.com is the link of your HTTP API. Make sure you don't include any Http before the URL.

Note: Now build the app using Android Studio (Build -- Build Bundle's/APK -- Build APK) and now you can use that App and it works fine in Android Pie. If you try to build app using ionic Cordova build android it overrides all these settings so make sure you use Android Studio to build the Project.

If you have any older versions of app installed, Uninstall them and give a try or else you will be left with some error:

App not Installed

ionic? Cordova? So it isn't a normal Android build, but a framework to build native apps with front end tech instead.
Ionic provides u the webivew implementation in android app and Cordova helps u to access android native features like microphone, camera.
N
Nithinjith

I am also got the same "Cleartext HTTP traffic not permitted" error while developing my Application. I am using Retrofit2 for network calls in my application and I have two project environments(dev & production). My Production domain is having SSL certificate with HTTPS calls and dev won't have https. The configuration is added in the build flavors. But when I change to dev, this issue will trigger. So I have added below-solution for that.

I have added cleartext traffic in the manifest 

 android:usesCleartextTraffic="true"

Then I have added a connection spec in the retrofit configuration class OKHttp creation time. 

 .connectionSpecs(CollectionsKt.listOf(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT))

Complete OkHttpClient creation is given below 

OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .readTimeout(10, TimeUnit.SECONDS)
        .connectTimeout(10, TimeUnit.SECONDS)
        .cache(null)
        .connectionSpecs(CollectionsKt.listOf(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT))
        .addInterceptor(new NetworkInterceptor(context))
        .addInterceptor(createLoggingInterceptor())
        .addInterceptor(createSessionExpiryInterceptor())
        .addInterceptor(createContextHeaderInterceptor())
        .build();
H
HandyPawan

Create file - res / xml / network_security.xml

In network_security.xml -> 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">192.168.0.101</domain>
    </domain-config>
</network-security-config>

Open AndroidManifests.xml : 

 android:usesCleartextTraffic="true" //Add this line in your manifests

<application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:usesCleartextTraffic="true"
        android:theme="@style/AppTheme">
A
Ashif 
 cleartext support is disabled by default.Android in 9 and above

 Try This one I hope It will work fine

1 Step:->  add inside android build gradle (Module:App)
            useLibrary 'org.apache.http.legacy'

  android {
               compileSdkVersion 28
              useLibrary 'org.apache.http.legacy'

          }

Then 2 Step:-> manifest add inside manifest application tag 

<application
    android:networkSecurityConfig="@xml/network_security_config">//add drawable goto Step 4

   // Step --->3  add to top this line  
     <uses-library
        android:name="org.apache.http.legacy"
        android:required="false" />

</application>

//Step 4-->> Create Drawable>>Xml file>>name as>> network_security_config.xml 

   <?xml version="1.0" encoding="utf-8"?>
   <network-security-config>
      <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
           <certificates src="system" />
        </trust-anchors>
      </base-config>
    </network-security-config>
Is it possible to change this in aosp?
@Shadow Yes you can change it.
May I know where exactly I can change it?
@Shadow www.yourwebsidedomain.com
No!! Again you are saying in application side. I am asking how to change in framework/<> folder class?
J
Jarda Pavlíček

Put following into your resources/android/xml/network_security_config.xml : 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
</network-security-config>

This solves Failed to load resource: net::ERR_CLEARTEXT_NOT_PERMITTED problem on Android for Cordova / Ionic.

M
Manoj Alwis

Just add android:usesCleartextTraffic="true" inside the in AndroidManifest.xml file

M
Mayuresh Deshmukh

In my case that URL is not working in browser also.

I check with https://www.google.com/ 

webView.loadUrl("https://www.google.com/")

And it worked for me.

myWebView.loadUrl("www.site.com"); is also works for webmasters don't have SSL as HTTPS but have HTTP only. Might get blank page but.
if given url is worked in your web browser then you can use in your webview. otherwise you can see this error.
I know sometimes it gives an error, but most of the time I see blank page even run.javascript is "true" and I can access the website correctly. I don't know why I see blank page, also I set zoom-able true.
c
chaosifier

For Xamarin.Android developers make sure HttpClient implementation and SSL/TLS is set to Default.

It can be found under Andorid Options -> Advanced Android Options.

https://i.stack.imgur.com/wEmUs.png

R
Rosenpin

This is done for security reasons, you should always prefer to use HTTPS (HTTP Secure) where possible.
You can read more about it here

There are multiple solutions for this issue depending on your condition.

If you are trying to communicate with a first party service, IE: your own web server

Server side: You should add HTTPS support to that server and use HTTPS instead of HTTP. These days you can even do it for free using services like LetsEncrypt and others
Client side: If you are using the HttpURLConnection from the java.net package you can switch to HttpsURLConnection of the java.net.ssl package, it has a similar if not identical API, so the switch should be effortless.

If you are using a third party service, like Google, Facebook, a weather service, etc.

In case that the service you are communicating with supports HTTPS (which it most likely does) you can just change your request URL from http://abc.xyz to https://abc.xyz.

As a last resort, if the third party service that you want to communicate with does not support HTTPS or any other form of secure communication, you can use this answer, but again, this is not recommended as it defeats the purpose of this much needed security feature.

u
user7641341

videoView can't open this video Online video

Create file res/xml/network_security_config.xml 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

New in the AndroidManifest.xml file under application: 

android:networkSecurityConfig="@xml/network_security_config"

https://techprogrammingideas.blogspot.com/2021/02/android-code-for-displaying-video-with.html

https://youtu.be/90hWWAqfdUU
Yes, this works for me, Android 10/11/12.
t
tripleee

Upgrade to React Native 0.58.5 or higher version. They have includeSubdomain in their config files in RN 0.58.5.

ChangeLog

In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.

R
Ripdaman Singh

After changed API version 9.0 getting the error Cleartext HTTP traffic to YOUR-API.DOMAIN.COM not permitted (targetSdkVersion="28"). in xamarin, xamarin.android and android studio.

Two steps to solve this error in xamarin, xamarin.android and android studio.

Step 1: Create file resources/xml/network_security_config.xml

In network_security_config.xml 

<?xml version="1.0" encoding="utf-8" ?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">mobapi.3detrack.in</domain>
  </domain-config>
</network-security-config>

Step 2: update AndroidManifest.xml -

Add android:networkSecurityConfig="@xml/network_security_config" on application tag. e.g: 

<application android:label="your App Name" android:icon="@drawable/icon" android:networkSecurityConfig="@xml/network_security_config">
W
Waleed Arshad

adding this paramter in header resolved my issue in apiSauce React Native 

"Content-Type": "application/x-www-form-urlencoded",
  Accept: "application/json"
L
Leena

If you are using ionic and getting this error during native http plugin, following fix needs to be done-

goto resources/android/xml/network_security_config.xml Change it to- 

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

That worked for me!

G
Gk Mohammad Emon

Cleartext is any transmitted or stored information that is not encrypted or meant to be encrypted.

When an app communicates with servers using a cleartext network traffic, such as HTTP (not https), it could raise the risk of hacking and tampering of content. Third parties can inject unauthorized data or leak information about the users. That is why developers are encouraged to secure traffic only, such as HTTPS. Here is the implementation and the reference of how to resolve this problem.

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Links

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.