i'm trying to connect to api by kotlin in android. but i'm getting error either
No network Securituy Config Specified, using platform default.
or
Using Network Security from resource ntwork_security_config debugBuild:true.
i already add network_security_config.xml in res/xml folder. can anyone help me with this problem?
below are some screenshot
Your network-security-config should be similar as below:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">enter domain here</domain>
</domain-config>
</network-security-config>
Example:
If your network call sends request to this domain:
www.myapp.com/api/something
Then, your network-security-config will look like:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">www.myapp.com</domain>
</domain-config>
</network-security-config>
Try using this and remove android:usesCleartextTraffic="true" from the manifest.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
you need to add this StrictMode Policy in onCreate of your class file..
StrictMode.ThreadPolicy policy = new
StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
Related
I need to get a JSON response from an IP address (No Domain Name connected), but flutter 2.0 doesn't allow HTTP, so I followed this answer to enable it, but the problem I face is I dont have domain name, to replace here:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com</domain>
</domain-config>
</network-security-config>
I tried replacing with IP but it throws error that IP is not recognised as domain name.
<domain includeSubdomains="true">x.x.x.x</domain> #doesn't work
Any solution to allow HTTP traffic from IP address.
PS: I know its unsafe.
EDIT:
I tried this methods:
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true" />
</network-security-config>
Doesn't work.
Setting res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">65.0.XX.136</domain>
</domain-config>
</network-security-config>
Doesn't Work.
Setting android:usesCleartextTraffic="true" in application tag of AndroidManifest.xml.
Doesn't work.
I have an HTTP URL of audio.
The URL is working fine with the ExoPlayer v2.7.0 when android TargetSDKVersion is 26.
When the TargetSDKVersion is set to 28, it is not working.
Getting the following error:
W/MediaPlayer: Couldn't open http://***
java.io.FileNotFoundException: No content provider: http://***
But, when I set an HTTPS URL, it works fine.
For this, we have set the network configuration in the AndroidManifest
<application
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config"
And network_security_config is:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
Also, used setAudioAttributes instead of setAudioStreamType for the media player.
mediaPlayer.setAudioAttributes(
new AudioAttributes
.Builder()
.setContentType(AudioAttributes.CONTENT_TYPE_MUSIC)
.build());
Any thoughts on this?
I have updated the network_security_config as follows:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">my_domain.com</domain>
</domain-config>
</network-security-config>
And removed the usesCleartextTraffic property from the AndroidManifest as follows:
<application
<!--android:name="com.tv2consulting.TV2Application"-->
android:networkSecurityConfig="#xml/network_security_config"
Allowing clear text traffic for a particular domain worked for me.
I'm integrating PayUMoney with my app. For Android versions above 9 cleartextTrafficPermitted="false" by default. So I get the following error:
The webpage at http://180.179.174.15:3000/pgSimulator/axis/redirect
could not be loaded because: net::ERR_CLEARTEXT_NOT_PERMITTED
So in network_security_config.xml, I changed it to true as below:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true"/>
</network-security-config>
And now Android Studio shows:
Setting is not
recommended.
Now is it safe to set it to false? If I don't set it to false. PayUMoney does not work. So what to do now?
Either use
<application
...
android:usesCleartextTraffic="true">
....
</application>
Or set config like below with domain:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">Your_domain</domain>
</domain-config>
</network-security-config>
I am using a http://something API for the login process. But could't get a hit on API in Android 10. For rest of the version, the API is working fine.
First of all, I was getting SocketTimeoutException. Then I tried following solutions.
1) Added below attribute to <application> in Manifest.
android:usesCleartextTraffic="true"
Result: Still getting SocketTimeoutException.
2) Then I added networkSecurityConfig:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company:6001/</domain>
<trust-anchors>
<certificates src="system"/>
</trust-anchors>
</domain-config>
</network-security-config>
Result : UnknownServiceException : CLEARTEXT communication to project.dev.company:6001/ is not permitted by network security policy.
3) Also tried permitting CLEARTEXT in <base-config>. Still getting SocketTimeoutException.
How can I permit my app to access a HTTP connection from Android 10? I am using Retrofit2 for network calling.
Use this codes in your xml file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">project.dev.company</domain>
</domain-config>
</network-security-config>
and use this codes in manifest:
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_configuration"
dont need any "/" and port in domain,just use like me
Edited:
you can use IP of your api host,like this:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.1.1</domain>
</domain-config>
</network-security-config>
In my application I set a network security configuration file with the following:
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
I'm setting in my manifest this way:
<application
(...)
android:networkSecurityConfig="#xml/network_security_config">
Additionally, I'm adding a 3rd party lib which supplies its own network security config file with a set of domains
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">domainA</domain>
</domain-config>
</network-security-config>
Which they are setting in my manifest this way:
<application android:networkSecurityConfig="#xml/network_security_config">
The problem is that the manifest merge only works in manifest.xml file (afaik), therefore the netowrk-security-config file will always be the application file and not the merge between the app and 3rd party network-security-config files, is there a way to achieve something like this?
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">domainA</domain>
</domain-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
There is no built-in mechanism to merge resources that way. You would need to have the combined network security configuration file in your app module, where you manually merge what you need and what the library requests.