Android 8:不允许明文HTTP通信
我收到安卓8用户的报告,说我的应用程序(使用后端提要)没有显示内容。经过调查,我发现Android 8上发生了以下异常:Android 8:不允许明文HTTP通信,android,http,https,Android,Http,Https,我收到安卓8用户的报告,说我的应用程序(使用后端提要)没有显示内容。经过调查,我发现Android 8上发生了以下异常: 08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted at com.android.okhttp.HttpHandler$CleartextUR
08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
(我已经删除了包名、URL和其他可能的标识符)
在安卓7和更低版本上,一切正常,我不在清单中设置Android:usesCleartextTraffic
(并且将其设置为true
没有帮助,这是默认值),也不使用网络安全信息。如果我调用NetworkSecurityPolicy.getInstance().isClearTextTrafficAllowed()
,对于Android 8,它返回false
,对于旧版本,它使用相同的apk文件返回true
。
我试图在谷歌关于Android O的信息中找到一些关于这一点的信息,但没有成功。好的,我已经找到了答案。这是因为我添加了清单参数android:targetSandboxVersion=“2”,因为我们也有即时应用程序版本-它应该确保用户从即时应用程序升级到常规应用程序后,不会因传输而丢失数据。然而,正如模糊的描述所表明的: 指定此应用程序要使用的目标沙盒。更高的sanbox版本将具有更高的安全级别 此属性的默认值为1
它显然还添加了新级别的安全策略,至少在Android 8上是这样。在AndroidManifest中,我找到了以下参数:
android:networkSecurityConfig="@xml/network_security_config"
@xml/network\u security\u config在network\u security\u config.xml中定义为:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!--Set application-wide security config using base-config tag.-->
<base-config cleartextTrafficPermitted="false"/>
</network-security-config>
只是我根据-
从Android 9(API级别28)开始,明文支持被禁用
默认情况下
也看看
来自谷歌
选项1-
首先尝试使用“https://”而不是“http://”来点击URL
选项2-
创建文件res/xml/network\u security\u config.xml-
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
</domain-config>
</network-security-config>
***您的URL(例如:127.0.0.1)***
在上面提供的建议中,我提供的URL为
我把它改成了xyz.abc.com,然后它就开始工作了。它可能对某些人有用
最近Android 9也出现了同样的问题,但我们只需要在WebView中显示一些URL,没有什么特别的。因此,添加
android:usesCleartextTraffic=“true”
到清单中是可行的,但我们不想为此损害整个应用程序的安全性。
因此,修复方法是将链接从
http
更改为https
,如果可能,将url从http
更改为https
成功了 您可能只希望在调试时允许明文,但保留在生产中拒绝明文的安全优势。这对我很有用,因为我在不支持https的开发服务器上测试我的应用程序。以下是如何在生产中强制使用https,但允许在调试模式下使用明文: 内置。渐变:
// Put this in your buildtypes debug section:
manifestPlaceholders = [usesCleartextTraffic:"true"]
// Put this in your buildtypes release section
manifestPlaceholders = [usesCleartextTraffic:"false"]
在AndroidManifest.xml中的应用程序标记中
android:usesCleartextTraffic="${usesCleartextTraffic}"
我在安卓9中遇到的问题是使用http在域上的Web视图上导航 来自
以及:
res/xml/network\u security\u config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8" ?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">mobapi.3detrack.in</domain>
</domain-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
好的,就是⇒⇒ 不⇐⇐数千次重复将其添加到您的清单中,但这是一个基于此的提示,但会给您带来额外的好处(可能还有一些背景信息) Android有一种覆盖src目录的功能 默认情况下,您拥有 /app/src/main 但您可以添加其他目录以覆盖AndroidManifest.xml。以下是它的工作原理:
- 创建目录/app/src/debug
- 在内部创建AndroidManifest.xml
android:usesCleartextTraffic="${usesCleartextTraffic}"
下面是请求的明文权限的示例:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.yourappname">
<application
android:usesCleartextTraffic="true"
android:name=".MainApplication"
android:label="@string/app_name"
android:icon="@mipmap/ic_launcher"
android:allowBackup="false"
android:theme="@style/AppTheme">
</application>
</manifest>
有了这些知识,您现在可以很容易地根据debug | main | release环境重载权限
它的最大好处是。。。您的生产清单中没有调试内容,并且您为React原生项目保留了一个直接且易于维护的结构 它已固定在RN 0.59上。 你可以在 您可以在不升级RN版本的情况下应用它,但必须执行以下步骤: 创建文件: -
本地服务器
10.0.2.2
10.0.3.2
-
检查已接受的答案以了解根本原因。升级到React Native 0.58.5或更高版本。 他们在RN 0.58.5的配置文件中有
includeSubdomain
在Rn 0.58.5中,他们已在其服务器域中声明了
network\u security\u config
。网络安全配置允许应用程序允许来自特定域的明文通信。因此,无需通过在清单文件的应用程序标记中声明android:usesCleartextTraffic=“true”
来付出额外的努力。升级RN版本后将自动解决此问题。要将这些不同的答案应用于Xamarin.Android
,您可以使用类和程序集级属性,而不是手动编辑AndroidManifest.xml
当然需要互联网许可(duh.)
注意:通常会将程序集级属性添加到AssemblyInfo.cs
文件中,但使用的下方和命名空间上方的任何文件都有效
然后在应用程序子类上(创建一个i
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.yourappname">
<application
android:usesCleartextTraffic="true"
android:name=".MainApplication"
android:label="@string/app_name"
android:icon="@mipmap/ic_launcher"
android:allowBackup="false"
android:theme="@style/AppTheme">
</application>
</manifest>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="false">localhost</domain>
<domain includeSubdomains="false">10.0.2.2</domain>
<domain includeSubdomains="false">10.0.3.2</domain>
</domain-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools">
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<application tools:targetApi="28"
tools:ignore="GoogleAppIndexingWarning"
android:networkSecurityConfig="@xml/react_native_config" />
</manifest>
[assembly: UsesPermission(Android.Manifest.Permission.Internet)]
#if DEBUG
[Application(AllowBackup = false, Debuggable = true, NetworkSecurityConfig = "@xml/network_security_config")]
#else
[Application(AllowBackup = true, Debuggable = false, NetworkSecurityConfig = "@xml/network_security_config"))]
#endif
public class App : Application
{
public App(IntPtr javaReference, Android.Runtime.JniHandleOwnership transfer) : base(javaReference, transfer) { }
public App() { }
public override void OnCreate()
{
base.OnCreate();
}
}
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">www.example.com</domain>
<domain includeSubdomains="true">notsecure.com</domain>
<domain includeSubdomains="false">xxx.xxx.xxx</domain>
</domain-config>
</network-security-config>
#if DEBUG
[Application(AllowBackup = false, Debuggable = true, UsesCleartextTraffic = true)]
#else
[Application(AllowBackup = true, Debuggable = false, UsesCleartextTraffic = true))]
#endif
android:usesCleartextTraffic="true"
.connectionSpecs(CollectionsKt.listOf(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT))
OkHttpClient okHttpClient = new OkHttpClient.Builder()
.readTimeout(10, TimeUnit.SECONDS)
.connectTimeout(10, TimeUnit.SECONDS)
.cache(null)
.connectionSpecs(CollectionsKt.listOf(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT))
.addInterceptor(new NetworkInterceptor(context))
.addInterceptor(createLoggingInterceptor())
.addInterceptor(createSessionExpiryInterceptor())
.addInterceptor(createContextHeaderInterceptor())
.build();
<?xml version="1.0" encoding="utf-8" ?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">mobapi.3detrack.in</domain>
</domain-config>
</network-security-config>
<application android:label="your App Name" android:icon="@drawable/icon" android:networkSecurityConfig="@xml/network_security_config">
webView.loadUrl("https://www.google.com/")
"Content-Type": "application/x-www-form-urlencoded",
Accept: "application/json"
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.0.101</domain>
</domain-config>
</network-security-config>
android:usesCleartextTraffic="true" //Add this line in your manifests
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:usesCleartextTraffic="true"
android:theme="@style/AppTheme">
<manifest xmlns:tools=“http://schemas.android.com/tools”>
<application android:usesCleartextTraffic=“true” tools:targetApi=“28”>
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:networkSecurityConfig="@xml/network_security_config" />
<application android:usesCleartextTraffic="true" />
</edit-config>
<application
android:networkSecurityConfig="@xml/network_security_config" android:usesCleartextTraffic="true" >
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">xxx.yyyy.com</domain>
</domain-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">books.google.com</domain>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</domain-config>
</network-security-config>
android:networkSecurityConfig="@xml/network_security_config"
android:usesCleartextTraffic="true"
<application
android:usesCleartextTraffic="true"
android:allowBackup="true"
android:label="@string/app_name"
android:largeHeap="true"
android:supportsRtl="true"
android:theme="@style/AppTheme"
>
cleartext support is disabled by default.Android in 9 and above
Try This one I hope It will work fine
1 Step:-> add inside android build gradle (Module:App)
useLibrary 'org.apache.http.legacy'
android {
compileSdkVersion 28
useLibrary 'org.apache.http.legacy'
}
<application
android:networkSecurityConfig="@xml/network_security_config">//add drawable goto Step 4
// Step --->3 add to top this line
<uses-library
android:name="org.apache.http.legacy"
android:required="false" />
</application>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">localhost</domain>
<domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
</domain-config>
</network-security-config>
<?xml version='1.0' encoding='utf-8'?>
<manifest android:hardwareAccelerated="true" android:versionCode="10000" android:versionName="1.0.0" package="io.cordova.hellocordova" xmlns:android="http://schemas.android.com/apk/res/android">
<supports-screens android:anyDensity="true" android:largeScreens="true" android:normalScreens="true" android:resizeable="true" android:smallScreens="true" android:xlargeScreens="true" />
<application
android:hardwareAccelerated="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true"
android:usesCleartextTraffic="true">
<activity android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode" android:label="@string/activity_name" android:launchMode="singleTop" android:name="MainActivity" android:theme="@android:style/Theme.DeviceDefault.NoActionBar" android:windowSoftInputMode="adjustResize">
<intent-filter android:label="@string/launcher_name">
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
</manifest>
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
debug {
manifestPlaceholders.cleartextTrafficPermitted ="true"
}
}
manifestPlaceholders.cleartextTrafficPermitted ="true"
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="${cleartextTrafficPermitted}"
...>
...
</application>
</manifest>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true" />
</network-security-config>