Develop Reference

Android Virtual Device error: This request has been blocked; the content must be served over HTTPS

I am simply trying to make a Capacitor (Angular) HTTP GET Request from the Android Virtual Device (API 29) to an API (.NET 6.0) also running on my PC.
In production I would change the API to only use HTTPS but for development I wanted HTTP as I wouldn't expect the AVD to accept the self-signed certificate.
The error I see is simply
was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://10.0.2.2:5409/FromMobile/test'. This request has been blocked; the content must be served over HTTPS.
I assume this is an issue mainly because Capacitor is serving via HTTPS but the call is to a non-secured HTTP api.
I tried with my IP address too but had the same error.
I have already added
android:usesCleartextTraffic="true"
to the manifest.xml file.
I also tried adding the network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
</domain-config>
</network-security-config>
and
android:networkSecurityConfig="#xml/network_security_config"
But no change
UPDATE:
I have also tried installing the certificate on to the phone but this had made no difference

Try to change the Capacitor config:
const config: CapacitorConfig = {
server: {
androidScheme: 'http',
cleartext: true
},
android: {
allowMixedContent: true
},
};

Use this network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>

"java.security.cert.CertPathValidatorException: Trust anchor for certification path not found." Android + Retrofit + Asp.net API

I am trying to consume RestApi from asp.net running in (local machine). I followed the exact steps on https://developer.android.com/training/articles/security-config#ConfigCustom in (Configure a custom CA)
but with no success, always getting the same error "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found".
Steps i followed:
1- Exporsted the self-signed CA in .der from (Trusted Root Certification Authorities)
convert it to .pem, i took copy of the .pem and pasted(added it) to raw directory.
2- Created "network_security_config".
<network-security-config>
<domain-config>
<domain includeSubdomains="true">10.0.2.2</domain>
<trust-anchors>
<certificates src="#raw/localhost"/>
</trust-anchors>
</domain-config>
</network-security-config>
3- Modified AndroidManifest:
<application
android:networkSecurityConfig="#xml/network_security_config"
...
</application
Finally: in retrofit baseUrl("https://10.0.2.2:5001/api/")

Do something like this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.0.106</domain>
</domain-config>
</network-security-config>
Just checked out with a dummy Spring Boot server and mini Android application.
You can check your open ports(Ubuntu):
sudo ufw app list
And add a new port like(Ubuntu):
sudo ufw allow 8080
I'm not using a Windows machine right now. So I can't tell how to enable it there. But there were actually multiple ways to do that.

Allow HTTP (ClearText) from an IP address | Flutter 2 | Android

I need to get a JSON response from an IP address (No Domain Name connected), but flutter 2.0 doesn't allow HTTP, so I followed this answer to enable it, but the problem I face is I dont have domain name, to replace here:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com</domain>
</domain-config>
</network-security-config>
I tried replacing with IP but it throws error that IP is not recognised as domain name.
<domain includeSubdomains="true">x.x.x.x</domain> #doesn't work
Any solution to allow HTTP traffic from IP address.
PS: I know its unsafe.
EDIT:
I tried this methods:
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true" />
</network-security-config>
Doesn't work.
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">65.0.XX.136</domain>
</domain-config>
</network-security-config>
Doesn't Work.
Setting android:usesCleartextTraffic="true" in application tag of AndroidManifest.xml.
Doesn't work.

Unable connect to a HTTP URL in Android 10

I am using a http://something API for the login process. But could't get a hit on API in Android 10. For rest of the version, the API is working fine.
First of all, I was getting SocketTimeoutException. Then I tried following solutions.
1) Added below attribute to <application> in Manifest.
android:usesCleartextTraffic="true"
Result: Still getting SocketTimeoutException.
2) Then I added networkSecurityConfig:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company:6001/</domain>
<trust-anchors>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
Result : UnknownServiceException : CLEARTEXT communication to project.dev.company:6001/ is not permitted by network security policy.
3) Also tried permitting CLEARTEXT in <base-config>. Still getting SocketTimeoutException.
How can I permit my app to access a HTTP connection from Android 10? I am using Retrofit2 for network calling.

Use this codes in your xml file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company</domain>
</domain-config>
</network-security-config>
and use this codes in manifest:
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_configuration"
dont need any "/" and port in domain,just use like me
Edited:
you can use IP of your api host,like this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>

Nativescript with Angular - usesCleartextTraffic="true" flag in application tag not working in Emulator

I cannot get rid of Cleartext HTTP traffic error in my Nativescript application. I saw all the relevant threads and added the following configuration to my app:
In AndroidManifest.xml added:
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config">
Also added the following file in to two locations:
App_Resources/Android/src/main/res/xml/network_security_config.xml
App_Resources/Android/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">ec2-xxx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com</domain>
</domain-config>
<base-config cleartextTrafficPermitted="true" />
</network-security-config>
And the error:
{"originalStack":"Error: java.io.IOException: Cleartext HTTP traffic to ec2-xxx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com not permitted\n at new ZoneAwareError (file:///data/data/com.app.app/files/app/vendor.js:92106:33)\n at onRequestComplete (file:///data/data/com.app.app/files/app/vendor.js:131598:34)\n at Object.onComplete (file:///data/data/com.app.app/files/app/vendor.js:131587:13)","zoneAwareStack":"Error: java.io.IOException: Cleartext HTTP traffic to ec2-xxx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com not permitted\n at onRequestComplete (file:///data/data/com.app.app/files/app/vendor.js:131598:34) []\n at Object.onComplete file:///node_modules\tns-core-modules\http\http-request\http-request.js:43:0
Running on Android Emulator-Pixel_2_API_28:5554
UPDATE:
It works on real device.