Currently I am using my httpclient for only http requests, but now i want to use https aswell.
I changed my http URL to a https URL and my application won't connect to the url.
fyi: I can connect with my browser to the https url and get my response just not within my application itself
any ideas what the issue could be or what im doing wrong?
OkHttpClient okHttpClient = new OkHttpClient.Builder()
.connectTimeout(4, TimeUnit.SECONDS)
.build();
retrofit = new Retrofit.Builder()
.baseUrl("https:xyz.com/api/")
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient)
.build();
To be able to perform HTTPS connections, an SSL certificate and transport configuration must be present, or your device won't know how to encrypt and more importantly trust the other end.
In short, take a look at the Network Security Configuration official documentation to understand this and what it entails.
If all you care for now is debugging, then you can also find the information on how to "bypass" this for Debugging builds in the same page.
In short (and I quote):
When debugging an app that connects over HTTPS, you may want to connect to a local development server, which does not have the SSL certificate for your production server.
Add a file in res/xml/network_security_config.xml (create it)
Paste something like this (but read what it means and understand it, the security of your app and your user's information is at risk if you don't learn this stuff):
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
Related
I need to allow all HTTP for all requests in my code.
The code works fine in debug and release mode for the apk, but it doesn't work when I upload it to Google play as bundle.aab
1- I created network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
2- add to AndroidManifest/application
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
......
>
3- add meta-data to application
<application
......>
.....
<meta-data android:name="io.flutter.network-policy"
android:resource="#xml/network_security_config"/>
</application>
4- add the permission
<uses-permission android:name="android.permission.INTERNET"/>
You should https but if you still want to use http protocol then add the following to your Info.plist file in iOS:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Also for android add this entry in AndroidManifest.xml file:
<application
...
android:usesCleartextTraffic="true">
...
</application>
By default, Flutter disables insecure HTTP connections on iOS and Android to improve security and prevent man-in-the-middle attacks. However, if you need to allow insecure HTTP connections for testing or other purposes, you can do so by using the http package's BadCertificateCallback function.
To allow insecure HTTP connections in your Flutter app, you can do the following:
Import the http package and the dart:io library:
import 'package:http/http.dart' as http;
import 'dart:io';
Create a function that returns true for any certificate that should be allowed. For example, the following function allows any certificate:
bool allowInsecureCertificates(X509Certificate cert, String host, int port) {
return true;
}
Use the http.Client constructor and pass the allowInsecureCertificates function as the onBadCertificate parameter to create an HTTP client that allows insecure certificates:
final client = http.Client(onBadCertificate: allowInsecureCertificates);
Use the client to make HTTP requests as needed. For example:
final response = await client.get('http://insecure-server.com/data');
Keep in mind that allowing insecure HTTP connections can compromise the security of your app and the data it handles. It is generally not recommended to allow insecure HTTP connections in production environments. Instead, you should use secure HTTPS connections to protect the integrity and confidentiality of your data.
Is it any specific domain you are trying to call?
You can try adding the <domain-config> tag, if you know which domain you might be using. There is a section on Android documentation, if you want to force the system to use only secure connections here.
But you can try changing some values in that to see if disabling those force items can solve your problem.
Try something like this.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">network.domain.com</domain>
</domain-config>
</network-security-config>
But this is only for Android.
I've downloaded the latest sample MAUI here: https://github.com/microsoft/dotnet-podcasts and copied the exact way they make requests but I can't get passed an 'unexpected end of stream error':
System.Net.WebException: unexpected end of stream on com.android.okhttp.Address#4c288121
---> Java.IO.IOException: unexpected end of stream on com.android.okhttp.Address#4c288121
I'm initialising the HttpClient in the MauiProgram.cs via the AddHttpClient factory method like so (note the different IP address for Andorid):
public static string Base = DeviceInfo.Platform == DevicePlatform.Android ? "http://10.0.2.2" : "https://localhost";
public static string APIUrl = $"{Base}:7096/api/";
builder.Services.AddHttpClient<DishClient>(client => { client.BaseAddress = new Uri(APIUrl); });
I've included the following android:networkSecurityConfig in the AndroidManifest.xml (which allows http traffic):
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
The solution in Xamarin it seems is to use AndroidClientHandler but this is in a deprecated library that I can't use in MAUI, and there's no reference to it in the linked solution that works.
Things I've tried:
using Https: I've followed the guide here: https://learn.microsoft.com/en-us/xamarin/cross-platform/deploy-test/connect-to-local-web-services#bypass-the-certificate-security-check but I still get certificate errors:
System.Net.WebException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
---> Javax.Net.Ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I've also tried this
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
but get an error
System.PlatformNotSupportedException: Operation is not supported on this platform
It's been 4 days non-stop and i've gone through every conceivable setting in the working solution and can't find any differences. Any ideas?
#Jimmy in your code, you're changing the URL from "https://localhost" to "http://10.0.2.2" when you're running on android. In both cases, you're calling the API at port 7096:
public static string APIUrl = $"{Base}:7096/api/";. In the case of android, you're using the HTTP protocol, and in all other cases, you're using HTTPS.
I assume that your server listens to HTTPS only on port 7096 and not to HTTP. Maybe this causes your issue.
Another problem could be that your service is only bound to localhost but not to your IP address (you can look this up in the launchsettings.json of your API).
Another issue can be that your firewall doesn't allow incoming traffic on port 7096. You should check that, too, because you're not crossing machine borders when you're running on Windows. However, you have a cross-machine communication when running on the Android emulator.
I experience the following situation:
Having an HTTP server written in Go using Gin framework and hosted on AWS, only some people (approximately 20%) are able to connect (everyone is connecting from a React Native axios client using an Android device).
The server is located on ec2-3-131-85-255.us-east-2.compute.amazonaws.com:2302. Every request is POST. For example, to register, users access the /register endpoint, http://ec2-3-131-85-255.us-east-2.compute.amazonaws.com:2302/register.
Any hint would be helpful. Thank you in advance.
Most of Android devices doesn't accept http protocol by default so you have to add https
and add this in your manifest application tag
android:networkSecurityConfig="#xml/network_security_config
and add this file to your android
res/xml/network_security_config
and write this inside this file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">Your URL</domain>
</domain-config>
<base-config cleartextTrafficPermitted="false"/>
</network-security-config>
Maybe some clients are behind a firewall that doesn't allow http requests to ports different than the default (80 for http or 443 for https). You could try to change the port number on which the server listens for requests to port 80.
I know there are a lot of similar question but mine is particular.
I have Android app using a NodeJS Back-end on localhost:3000. In order to test my app on my real device (and other friend so far from me), I'm using Ngrok to redirect requests.
Then, on Postman, I can reach the BackEnd through Ngrok. When I run my App on Android Studio emulator, requests sent from the app can reach the BackEnd through Ngrok. On my real device, when I open a browser and send /GET I can also reach BackEnd through Ngrok. But, when I run my app on my real device (I installed the apk-debug generated from Android Studio), the request doesn't have any response and I can't see Ngrok receiving it in the logs, neither the Back-end.
Retrofit retrofit = new Retrofit.Builder()
//.baseUrl("http://10.0.2.2:3000/")
.baseUrl("http://1e2b8b83.ngrok.io/")
.addConverterFactory(GsonConverterFactory.create())
.build();
I found it :
Android P version is blocking requests to HTTP servers. We should either communicate to an HTTPS server or to use a quick fix. The fix then is to create an xml file with the following content :
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">2b8e18b3.ngrok.io</domain>
<domain includeSubdomains="true">localhost</domain>
</domain-config>
then add it in the MANIFEST Application balise as follow :
<application
...
android:networkSecurityConfig="#xml/network_security_config"
... />
Big thanks to the guy who wrote this article :
https://medium.com/mindorks/my-network-requests-are-not-working-in-android-pie-7c7a31e33330
i am working with Retrofit library on my project, but it seems that Retrofit block non https requests.
I tried by adding in the application tag in Manifest.xml
android:usesCleartextTraffic="true"
but didn't work, i also tried another solution by adding under res/xml a security confing file:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">http://my subdomain/</domain>
</domain-config>
</network-security-config>
and link it in application tag in the Manifest.xml :
android:networkSecurityConfig="#xml/network_security_config"
both of the solution didn't work.
how can i avoid this error ?
NB: my code works fine when i test with https request, and for testing purposes we are working in a subdomain which use http.
Just was having this exact problem, not sure if the solution for you will be the same. But in my case I was using okhttp3 as my http client, and when building my client I had to specify the connection specs like so:
val specs = listOf(ConnectionSpec.CLEARTEXT, ConnectionSpec.MODERN_TLS)
client.connectionSpecs(specs)
Previously I was only setting MODERN_TLS, so in order to allow my library to accept http connections I had to add the CLEARTEXT spec
You can include urls without specifying http:// for urls. Example of website http://mywebsite.com and ip address http://192.168.1.1, you can write like below:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">mywebsite.com</domain>
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>