I'm integrating PayUMoney with my app. For Android versions above 9 cleartextTrafficPermitted="false" by default. So I get the following error:
The webpage at http://180.179.174.15:3000/pgSimulator/axis/redirect
could not be loaded because: net::ERR_CLEARTEXT_NOT_PERMITTED
So in network_security_config.xml, I changed it to true as below:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true"/>
</network-security-config>
And now Android Studio shows:
Setting is not
recommended.
Now is it safe to set it to false? If I don't set it to false. PayUMoney does not work. So what to do now?
Either use
<application
...
android:usesCleartextTraffic="true">
....
</application>
Or set config like below with domain:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">Your_domain</domain>
</domain-config>
</network-security-config>
Related
I was trying to communicate with my server using Axios. I checked it worked well in the same URL, same body data in Postman. However, in most conditions, the application doesn't make an HTTP call - It only works when I turn on network inspector in react-native-debugger with debug mode. make a bunch of error messages like below.
Error: Network Error at createError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115372:17) at EventTarget.handleError
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:115282:16) at EventTarget.dispatchEvent
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:33554:27) at EventTarget.setReadyState
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32692:20) at EventTarget.__didCompleteResponse
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32500:16) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:32616:47 at RCTDeviceEventEmitter.emit
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:2310:37) at MessageQueue.__callFunction
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3348:31) at http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3076:17 at MessageQueue.__guard
(http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.wheelie&modulesOnly=false&runModule=true:3302:13)
I read the article that android network policy may be the reason. I changed the AndroidManifest.xml below. Then I checked there is http:// or https:// in a domain, and there was no problem with the domain. Finally, I added network_security_config.xml, but it doesn't make a change.
I use my physical android phone(galaxy A50, android 11) instead of AVD. targetSdkVersion and complieSdkVersion are also API 30, minSdkVersion is 22.
postLogIn
export function postLogIn(authorizationInfo: WheelieAuthorizationInfo) {
return axios.post<{
statusCode: number;
token: string;
}>(`${domain}/account/login`, authorizationInfo);
}
app/src/debug/AndrodiManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
tools:targetApi="28"
tools:ignore="GoogleAppIndexingWarning">
<activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
</application>
</manifest>
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">10.0.2.2</domain>
</domain-config>
</network-security-config>
I solved this problem two days ago by adding network_security_config.xml and network certificates(*.pem) for my backend API server.
References: Andorid Dev Network Security Configuration
First, add a custom networking security setting in AndroidManifest.xml
...
<application
...
android:networkSecurityConfig="#xml/network_security_config">
Second, make ./android/app/src/main/res/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">pedalers.net</domain>
<trust-anchors>
<certificates src="#raw/my_ca"/>
</trust-anchors>
</domain-config>
<domain-config cleartextTrafficPermitted="true">
<!-- Without localhost setting, it's unable to connect metro with app. -->
<domain includeSubdomains="true">127.0.0.1</domain>
<!-- For physical phone, 10.0.0.1 is the address connect to computer -->
<domain includeSubdomains="true">10.0.0.1</domain>
<!-- For AVD, 10.0.2.2 is the address connect to computer -->
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>
Third, add the self-signed or non-public CA certificate, in PEM or DER format, to res/raw/my_ca.
I have an HTTP URL of audio.
The URL is working fine with the ExoPlayer v2.7.0 when android TargetSDKVersion is 26.
When the TargetSDKVersion is set to 28, it is not working.
Getting the following error:
W/MediaPlayer: Couldn't open http://***
java.io.FileNotFoundException: No content provider: http://***
But, when I set an HTTPS URL, it works fine.
For this, we have set the network configuration in the AndroidManifest
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
And network_security_config is:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
Also, used setAudioAttributes instead of setAudioStreamType for the media player.
mediaPlayer.setAudioAttributes(
new AudioAttributes
.Builder()
.setContentType(AudioAttributes.CONTENT_TYPE_MUSIC)
.build());
Any thoughts on this?
I have updated the network_security_config as follows:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">my_domain.com</domain>
</domain-config>
</network-security-config>
And removed the usesCleartextTraffic property from the AndroidManifest as follows:
<application
<!--android:name="com.tv2consulting.TV2Application"-->
android:networkSecurityConfig="#xml/network_security_config"
Allowing clear text traffic for a particular domain worked for me.
I am using a http://something API for the login process. But could't get a hit on API in Android 10. For rest of the version, the API is working fine.
First of all, I was getting SocketTimeoutException. Then I tried following solutions.
1) Added below attribute to <application> in Manifest.
android:usesCleartextTraffic="true"
Result: Still getting SocketTimeoutException.
2) Then I added networkSecurityConfig:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company:6001/</domain>
<trust-anchors>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
Result : UnknownServiceException : CLEARTEXT communication to project.dev.company:6001/ is not permitted by network security policy.
3) Also tried permitting CLEARTEXT in <base-config>. Still getting SocketTimeoutException.
How can I permit my app to access a HTTP connection from Android 10? I am using Retrofit2 for network calling.
Use this codes in your xml file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company</domain>
</domain-config>
</network-security-config>
and use this codes in manifest:
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_configuration"
dont need any "/" and port in domain,just use like me
Edited:
you can use IP of your api host,like this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
Note: this is a followup question.
I'm trying to allow http traffic in the android manifest of a react native application.
As explained here, I created a xml file:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.61</domain>
</domain-config>
</network-security-config>
and referenced it in the manifest, in the element :
android:networkSecurityConfig="#xml/network_security_config"
At compile time, I have the following error:
Manifest merger failed : Attribute application#networkSecurityConfig value=(#xml/react_native_config) from AndroidManifest.xml:17:7-67
is also present at AndroidManifest.xml:17:7-67 value=(#xml/network_security_config).
Suggestion: add 'tools:replace="android:networkSecurityConfig"' to element at AndroidManifest.xml:7:5-138 to override.
I tried the suggested workaround but the error is still here.
What is the correct way to achieve what I want?
I have the same issue.
For react native, i found that it already has react_native_config.xml at project/android/app/src/debug/res/xml/react_native_config.xml
just add your domain in react_native_config.xml example
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">example.com</domain>
<domain includeSubdomains="false">localhost</domain>
<domain includeSubdomains="false">10.0.2.2</domain>
<domain includeSubdomains="false">10.0.3.2</domain>
</domain-config>
</network-security-config>
<application
xmlns:tools="http://schemas.android.com/tools"
tools:replace="android:networkSecurityConfig"
android:networkSecurityConfig="#xml/network_security_config"
android:name=".MainApplication"
android:label="#string/app_name"
android:icon="#mipmap/ic_launcher"
android:roundIcon="#mipmap/ic_launcher_round"
android:allowBackup="false"
android:theme="#style/AppTheme">
We send an HTTP request to a device on a local network (192.168.1.1) in an Android app. The device only accepts HTTP not https requests. It was working until the Android system update yesterday (T837VVRU1BSC3). Now cleartext traffic is rejected.
I have tried the following without success:
android:usesCleartextTraffic="true"
adding android:networkSecurityConfig="#xml/network_security_config" and
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
changing the xml file to:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
These are the only suggested solutions I can find to permit cleartext traffic. Does anyone know of other solutions?
Add the below line in the manifest in the application tag where icon, label, theme is defined
android:usesCleartextTraffic="true"
Add the "android:usesCleartextTraffic="true" in the AndroidManifest.xml is okey
<application
android:allowBackup="true"
android:icon="#mipmap/ic_launcher"
android:label="#string/app_name"
android:supportsRtl="true"
android:theme="#style/Theme.AppCompat.Light.NoActionBar"
android:usesCleartextTraffic="true">