From Android 9 Pie now, requests without encryption will never work. And by default, the System will expect you to use TLS by default.You can read this feature here So if you only make requests via HTTPS you are safe. But what about apps that make requests through different sites, for instance, browser-like apps.
How can I enable requests to all types of connections HTTP and HTTPS in Android 9 Pie?
This question is related to
java
android
kotlin
android-9.0-pie
android-network-security-config
For React Native
applications while running in debug add the xml block
mentioned by @Xenolion to react_native_config.xml
located in <project>/android/app/src/debug/res/xml
Similar to the following snippet:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="false">localhost</domain>
<domain includeSubdomains="false">10.0.2.2</domain>
<domain includeSubdomains="false">10.0.3.2</domain>
</domain-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
A simple way is set android:usesCleartextTraffic="true"
on you AndroidManifest.xml
android:usesCleartextTraffic="true"
Your AndroidManifest.xml
look like
<?xml version="1.0" encoding="utf-8"?>
<manifest package="com.dww.drmanar">
<application
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:usesCleartextTraffic="true"
android:theme="@style/AppTheme"
tools:targetApi="m">
<activity
android:name=".activity.SplashActivity"
android:theme="@style/FullscreenTheme">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
I hope this will help you.
Easy Way
Add usesCleartextTraffic
to AndroidManifest.xml
<application
...
android:usesCleartextTraffic="true"
...>
Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".
i got the same problem and i notice that my security config has diferent TAGS like the @Xenolion answer says
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>
so i change the TAGS "domain-config" for "base-config" and works, like this:
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">localhost</domain>
</base-config>
</network-security-config>
The FULLY WORKING SOLUTION for both Android
or React-native
users facing this issue just add this
android:usesCleartextTraffic="true"
in AndroidManifest.xml file like this:
android:usesCleartextTraffic="true"
tools:ignore="GoogleAppIndexingWarning">
<uses-library
android:name="org.apache.http.legacy"
android:required="false" />
in between <application>
.. </application>
tag like this:
<application
android:name=".MainApplication"
android:label="@string/app_name"
android:icon="@mipmap/ic_launcher"
android:allowBackup="false"
android:theme="@style/AppTheme"
android:usesCleartextTraffic="true"
tools:ignore="GoogleAppIndexingWarning">
<uses-library
android:name="org.apache.http.legacy"
android:required="false" />
<activity
android:name=".MainActivity"
android:label="@string/app_name"/>
</application>
Just set usesCleartextTraffic
flag in the application tag of AndroidManifest.xml
file.
No need to create config file for Android.
<application
android:usesCleartextTraffic="true"
.
.
.>
You may check if you are sending clearText through HTTP
Fix : https://medium.com/@son.rommer/fix-cleartext-traffic-error-in-android-9-pie-2f4e9e2235e6
OR
In the Case of Apache HTTP client deprecation (From Google ) :
With Android 6.0, we removed support for the Apache HTTP client. Beginning with Android 9, that library is removed from the bootclasspath and is not available to apps by default.
To continue using the Apache HTTP client, apps that target Android 9 and above can add the following to their AndroidManifest.xml:
Source https://developer.android.com/about/versions/pie/android-9.0-changes-28
Source: Stackoverflow.com