WebView shows net::ERR_CLEARTEXT_NOT_PERMITTED on HTTPS url

Question

I'm trying to load an url that fit security protocols with HTTPS, but when I'm trying to load on a WebView, android shows me net::ERR_CLEARTEXT_NOT_PERMITTED. Why? is a HTTPS what is the problem?

The source code that shows it is:

public class InternalWebBrowserActivityHelperImpl implements InternalWebBrowserActivityHelper, Constants {

    private final String TAG = getClass().getSimpleName();

    @NonNull
    private InternalWebBrowserActivityView activityView;

    public InternalWebBrowserActivityHelperImpl(@NonNull InternalWebBrowserActivityView activityView){
        this.activityView = activityView;
    }

    public WebChromeClient getWebChromeClient = new WebChromeClient() {

        @Override
        public void onProgressChanged(WebView view, int newProgress) {

            super.onProgressChanged(view, newProgress);

        }
    };

    public WebViewClient getWebViewClient() {

        return new WebViewClient() {

            @Override
            public void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error) {
                super.onReceivedError(view, request, error);
                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
                    LoggerManager.handlesError("onReceivedError", request.getUrl().toString());
                }else{
                    LoggerManager.handlesError("onReceivedError", error.toString());
                }
                activityView.hideLoadingView();
                activityView.showWebView();
            }

            @Override
            public void onPageFinished(WebView view, String url) {
                super.onPageFinished(view, url);

                LoggerManager.handlesError("onPageFinished", url);
                activityView.hideLoadingView();
                activityView.showWebView();
            }

            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {

                //activityView.showLoadingView();
                LoggerManager.handlesError("override", url);
                return super.shouldOverrideUrlLoading(view, url);
            }
        };
    }

    @Override
    public void setupHelper(String url) {
        //7activityView.showLoadingView();
        activityView.showWebView();

        WebSettings.ZoomDensity zoomDensity = WebSettings.ZoomDensity.FAR;
        activityView.getFullWebView().getSettings().setJavaScriptEnabled(true);
        activityView.getFullWebView().getSettings().setDomStorageEnabled(true); // Add this


        activityView.getFullWebView().getSettings().setDefaultZoom(zoomDensity);
        activityView.getFullWebView().getSettings().setSupportZoom(true);
        activityView.getFullWebView().getSettings().setBuiltInZoomControls(true);
        activityView.getFullWebView().requestFocus(View.FOCUS_DOWN);

        activityView.getFullWebView().setWebChromeClient(getWebChromeClient);
        activityView.getFullWebView().setWebViewClient(getWebViewClient());

        activityView.getFullWebView().loadUrl(url);
    }
}

Thanks

Answer 1

Are you sure the URL you give to your webview is in HTTPS ?

Otherwise a quickfix would be to add the below line in your application as shown below:

<application
    android:usesCleartextTraffic="true"
    android:networkSecurityConfig="@xml/network_security_config"
    ....
</application>

I strongly advise that you create the network_security_config to only allow your domain and subdomain. Here is a quick tutorial