Reputation: 779
Android P - NetworkSecurityPolicy.isCleartextTrafficPermitted false when network-security-config base-config cleartextTrafficPermitted true
This is on Android P using the support library version 28.0.0-rc01.
I have followed the instructions/solutions for this issue based on several SO posts:
Android 8: Cleartext HTTP traffic not permitted
along with several others.
The issue is that even though the network-security-config base-config sets this value to true, when I check the NetworkSecurityPolicy.isCleartextTrafficPermitted it returns false. This results in the ERR_CLEARTEXT_NOT_PERMITTED error when navigating to non https pages in a WebView.
Here is a snippet of the AndroidManifest
<application
...
android:supportsRtl="true"
android:networkSecurityConfig="@xml/network_security_config"
android:usesCleartextTraffic="true">
I have tried this with combinations of including just 'usesCleartextTraffic', just 'networkSecurityConfig' and both.
Here is the relevant network-security-config
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true" >
<trust-anchors>
<certificates src="system"/>
</trust-anchors>
</base-config>
</network-security-config>
Note that I have tried it with and without the 'trust-anchors'. I do have both a prod AndroidManifest and network-security-config as well as a debug version. However, both have the same settings (debug allows for user certificates in addition to system).
I also verified the security policy is being read in by checking logcat. At this point, I am at a loss as it seems the setting is not being honored.
Any help would be appreciated.
Upvotes: 2
Views: 10040
Answers (2)
Reputation: 303
I just have:
android:usesCleartextTraffic="true"
in the manifest and removed network_security_config.xml. That seems to work!
Upvotes: 9
Reputation: 779
For some reason, the debug AndroidManifest and network-security-config was causing the issue even though the settings were nearly identical -- the only difference was the debug version also allowed user generated certificates.
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:tools="http://schemas.android.com/tools"
xmlns:android="http://schemas.android.com/apk/res/android">
<application
android:networkSecurityConfig="@xml/network_security_config"
tools:targetApi="n" />
</manifest>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<base-config cleartextTrafficPermitted="true" >
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
<certificates src="system" />
</trust-anchors>
</base-config>
</debug-overrides>
</network-security-config>
Removing the debug AndroidManifest.xml and network_security_config.xml files resolved the issue. I am still not sure why that works, but we no longer require the debug manifest anyway, so going with that for now.
Upvotes: 7
Related Questions
- Cleartext HTTP traffic to myserver.com not permitted on Android N preview
- Android 8: Cleartext HTTP traffic not permitted
- How to allow all Network connection types HTTP and HTTPS in Android (9) Pie?
- Android P without TLS: network-security-config: cleartextTrafficPermitted not possible for IP (only domain)
- Android 9.0 CLEARTEXT communication to "ipaddress" not permitted by network security policy
- CLEARTEXT communication not permitted by network security policy working on my mobile
- Default Network Security Configuration behaviour in Android
- Android: Exception "java.lang.IllegalStateException: Scheme 'https' not registered"
- Android HttpsURLConnection throws IllegalStateException only on Android 4.4.2 nexus devices
- Android Https connection.