I need to get a JSON response from an IP address (No Domain Name connected), but flutter 2.0 doesn't allow HTTP, so I followed this answer to enable it, but the problem I face is I dont have domain name, to replace here:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com</domain>
</domain-config>
</network-security-config>
I tried replacing with IP but it throws error that IP is not recognised as domain name.
<domain includeSubdomains="true">x.x.x.x</domain> #doesn't work
Any solution to allow HTTP traffic from IP address.
PS: I know its unsafe.
EDIT:
I tried this methods:
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true" />
</network-security-config>
Doesn't work.
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">65.0.XX.136</domain>
</domain-config>
</network-security-config>
Doesn't Work.
Setting android:usesCleartextTraffic="true" in application tag of AndroidManifest.xml.
Doesn't work.
Related
I was trying to communicate with my server using Axios. I checked it worked well in the same URL, same body data in Postman. However, in most conditions, the application doesn't make an HTTP call - It only works when I turn on network inspector in react-native-debugger with debug mode. make a bunch of error messages like below.
Error: Network Error at createError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115372:17) at EventTarget.handleError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115282:16) at EventTarget.dispatchEvent
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:33554:27) at EventTarget.setReadyState
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32692:20) at EventTarget.__didCompleteResponse
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32500:16) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32616:47 at RCTDeviceEventEmitter.emit
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:2310:37) at MessageQueue.__callFunction
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3348:31) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3076:17 at MessageQueue.__guard
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3302:13)
I read the article that android network policy may be the reason. I changed the AndroidManifest.xml below. Then I checked there is http:// or https:// in a domain, and there was no problem with the domain. Finally, I added network_security_config.xml, but it doesn't make a change.
I use my physical android phone(galaxy A50, android 11) instead of AVD. targetSdkVersion and complieSdkVersion are also API 30, minSdkVersion is 22.
postLogIn
export function postLogIn(authorizationInfo: WheelieAuthorizationInfo) {
return axios.post<{
statusCode: number;
token: string;
}>(`${domain}/account/login`, authorizationInfo);
}
app/src/debug/AndrodiManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
tools:targetApi="28"
tools:ignore="GoogleAppIndexingWarning">
<activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
</application>
</manifest>
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
</domain-config>
</network-security-config>
I solved this problem two days ago by adding network_security_config.xml and network certificates(*.pem) for my backend API server.
References: Andorid Dev Network Security Configuration
First, add a custom networking security setting in AndroidManifest.xml
...
<application
...
android:networkSecurityConfig="#xml/network_security_config">
Second, make ./android/app/src/main/res/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">pedalers.net</domain>
<trust-anchors>
<certificates src="#raw/my_ca"/>
</trust-anchors>
</domain-config>
<domain-config cleartextTrafficPermitted="true">
<!-- Without localhost setting, it's unable to connect metro with app. -->
<domain includeSubdomains="true">127.0.0.1</domain>
<!-- For physical phone, 10.0.0.1 is the address connect to computer -->
<domain includeSubdomains="true">10.0.0.1</domain>
<!-- For AVD, 10.0.2.2 is the address connect to computer -->
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>
Third, add the self-signed or non-public CA certificate, in PEM or DER format, to res/raw/my_ca.
I have an app with ionic and cordova. the network_security_config.xml file as follows:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="false">
<domain includeSubdomains="true">xxxxxxxxx</domain>
<pin-set expiration="2021-07-01">
<pin digest="SHA-256">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa=</pin>
<!-- backup pin -->
<pin digest="SHA-256">bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb=</pin>
</pin-set>
</domain-config>
</network-security-config>
and the AndroidManifest file added with the value: android: networkSecurityConfig = "# xml / network_security_config"
The problem is that the two pins in the network_security_configuration file are incorrect and still the API call is successful. Some brilliant mind that sees where is the error that I am not seeing?
my program takes an URL from the user, so it may make request to any website of the internet.
I'm trying to make this possible, I looked up all the answers about "Android HTTP Cleartext" errors, and made this, but it still doesn't let me connect my test local PHP server, what am I missing here?
<uses-permission android:name="android.permission.INTERNET" />
...
<application
...
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
tools:ignore="UnusedAttribute"
My security config:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com</domain>
</domain-config>
</network-security-config>
Thanks!
Try changing your network_security_config.xml as follows:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true"></base-config>
</network-security-config>
I am using a http://something API for the login process. But could't get a hit on API in Android 10. For rest of the version, the API is working fine.
First of all, I was getting SocketTimeoutException. Then I tried following solutions.
1) Added below attribute to <application> in Manifest.
android:usesCleartextTraffic="true"
Result: Still getting SocketTimeoutException.
2) Then I added networkSecurityConfig:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company:6001/</domain>
<trust-anchors>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
Result : UnknownServiceException : CLEARTEXT communication to project.dev.company:6001/ is not permitted by network security policy.
3) Also tried permitting CLEARTEXT in <base-config>. Still getting SocketTimeoutException.
How can I permit my app to access a HTTP connection from Android 10? I am using Retrofit2 for network calling.
Use this codes in your xml file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company</domain>
</domain-config>
</network-security-config>
and use this codes in manifest:
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_configuration"
dont need any "/" and port in domain,just use like me
Edited:
you can use IP of your api host,like this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
i'm trying to connect to api by kotlin in android. but i'm getting error either
No network Securituy Config Specified, using platform default.
or
Using Network Security from resource ntwork_security_config debugBuild:true.
i already add network_security_config.xml in res/xml folder. can anyone help me with this problem?
below are some screenshot
Your network-security-config should be similar as below:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">enter domain here</domain>
</domain-config>
</network-security-config>
Example:
If your network call sends request to this domain:
www.myapp.com/api/something
Then, your network-security-config will look like:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">www.myapp.com</domain>
</domain-config>
</network-security-config>
Try using this and remove android:usesCleartextTraffic="true" from the manifest.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
you need to add this StrictMode Policy in onCreate of your class file..
StrictMode.ThreadPolicy policy = new
StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);