Android 8: Cleartext HTTP traffic not permitted





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







384















I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:



08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)


(I've removed package name, URL and other possible identifiers)



On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file.
I tried to find some mention of this on Google info about Android O, but without success.










share|improve this question


















  • 11





    Check this CodeLab but use cleartextTrafficPermitted="true"

    – ArtiomLK
    Mar 6 '18 at 18:10


















384















I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:



08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)


(I've removed package name, URL and other possible identifiers)



On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file.
I tried to find some mention of this on Google info about Android O, but without success.










share|improve this question


















  • 11





    Check this CodeLab but use cleartextTrafficPermitted="true"

    – ArtiomLK
    Mar 6 '18 at 18:10














384












384








384


113






I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:



08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)


(I've removed package name, URL and other possible identifiers)



On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file.
I tried to find some mention of this on Google info about Android O, but without success.










share|improve this question














I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:



08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)


(I've removed package name, URL and other possible identifiers)



On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file.
I tried to find some mention of this on Google info about Android O, but without success.







android http https






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 29 '17 at 13:48









david.sdavid.s

2,013388




2,013388








  • 11





    Check this CodeLab but use cleartextTrafficPermitted="true"

    – ArtiomLK
    Mar 6 '18 at 18:10














  • 11





    Check this CodeLab but use cleartextTrafficPermitted="true"

    – ArtiomLK
    Mar 6 '18 at 18:10








11




11





Check this CodeLab but use cleartextTrafficPermitted="true"

– ArtiomLK
Mar 6 '18 at 18:10





Check this CodeLab but use cleartextTrafficPermitted="true"

– ArtiomLK
Mar 6 '18 at 18:10












11 Answers
11






active

oldest

votes


















861














According to Network security configuration -




Starting with Android 9.0 (API level 28), cleartext support is
disabled by default.




Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/



Option 1 -



Create file res/xml/network_security_config.xml -



<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
</domain-config>
</network-security-config>


AndroidManifest.xml -



<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:networkSecurityConfig="@xml/network_security_config"
...>
...
</application>
</manifest>


Option 2 -



AndroidManifest.xml -



<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true"
...>
...
</application>
</manifest>


Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -



According to Manifest Docs -




android:targetSandboxVersion



The target sandbox for this app to use. The higher the sandbox version
number, the higher the level of security. Its default value is 1; you
can also set it to 2. Setting this attribute to 2 switches the app to
a different SELinux sandbox. The following restrictions apply to a
level 2 sandbox:




  • The default value of usesCleartextTraffic in the Network Security Config is false.

  • Uid sharing is not permitted.




So Option 3 -



If you have android:targetSandboxVersion in <manifest> then reduce it to 1



AndroidManifest.xml -



<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
<uses-permission android:name="android.permission.INTERNET" />
...
</manifest>





share|improve this answer





















  • 2





    It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

    – avalancha
    Aug 7 '18 at 12:06






  • 4





    @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

    – spartygw
    Aug 9 '18 at 15:04






  • 4





    Does ClearText HTTP mean that they were just using a http site instead of https?

    – Tom Hammond
    Oct 30 '18 at 21:57






  • 22





    What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

    – 林果皞
    Jan 24 at 9:08








  • 6





    This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

    – Christian Brüggemann
    Jan 28 at 22:47



















53














In the AndroidManifest I found this parameter:



    android:networkSecurityConfig="@xml/network_security_config"


and @xml/network_security_config is defined in network_security_config.xml as:



<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!--Set application-wide security config using base-config tag.-->
<base-config cleartextTrafficPermitted="false"/>
</network-security-config>


just I changed cleartextTrafficPermitted to true






share|improve this answer



















  • 6





    +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

    – Martin Price
    Oct 16 '18 at 9:21






  • 2





    Solved my issue Thanks Man :)

    – Atif AbbAsi
    Dec 17 '18 at 10:14











  • Worked for me. Thanks

    – Ali Ahmed
    Apr 2 at 12:30





















31














You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:



In build.gradle:



// Put this in your buildtypes debug section:
manifestPlaceholders = [usesCleartextTraffic:"true"]

// Put this in your buildtypes release section
manifestPlaceholders = [usesCleartextTraffic:"false"]


In the application tag in AndroidManifest.xml



android:usesCleartextTraffic="${usesCleartextTraffic}"





share|improve this answer


























  • it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

    – Rik van Velzen
    Mar 1 at 13:58





















31














Change your url's from HTTP to HTTPS;



It works out!!!






share|improve this answer





















  • 13





    how is this upvoted? you'll get a handshake exception if your server url isn't https

    – kkarakk
    Feb 8 at 9:44






  • 4





    upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

    – beetstra
    Feb 18 at 10:56






  • 3





    @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

    – Martin Price
    Feb 22 at 13:59






  • 1





    @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

    – Bevor
    Feb 23 at 18:48











  • @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

    – beetstra
    Feb 25 at 9:09



















18














It could be useful for someone.



We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this.
So the fix was in changing links from http to https






share|improve this answer





















  • 3





    If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

    – The incredible Jan
    Nov 22 '18 at 13:47






  • 1





    This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

    – Dakatine
    Jan 24 at 16:04



















17














<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
</domain-config>
</network-security-config>


In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/



I changed that to xyz.abc.com then it started working.






share|improve this answer



















  • 1





    As @Lorence said this is very important to remove http://

    – user2725105
    Nov 8 '18 at 11:03








  • 1





    Domain != URL. "http" is the protocol. The protocol is never part of the domain.

    – The incredible Jan
    Nov 22 '18 at 13:52



















10














My problem in Android 9 was navigating on a webview over domains with http
The solution from this answer



<application 
android:networkSecurityConfig="@xml/network_security_config"
...>


and:



res/xml/network_security_config.xml



<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>





share|improve this answer

































    8














    Ok, that is ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which base on this, but give you additional Benefit (and maybe some Background Info).



    Android has a kind of overwriting functionality for the src-Directory.



    By default, you have




    /app/src/main




    But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:




    • Create the Directory /app/src/debug

    • Inside create the AndroidManifest.xml


    Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml



    Here an Example how it looks like for the requested CLEARTEXT-Permission:



    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.yourappname">

    <application
    android:usesCleartextTraffic="true"
    android:name=".MainApplication"
    android:label="@string/app_name"
    android:icon="@mipmap/ic_launcher"
    android:allowBackup="false"
    android:theme="@style/AppTheme">
    </application>

    </manifest>


    With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.



    The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure






    share|improve this answer



















    • 1





      This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

      – Coo
      Apr 23 at 8:37



















    7














    Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:




    Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security.



    The default value of this attribute is 1.




    It obviously also adds new level of security policy, at least on Android 8.






    share|improve this answer































      4














      For React Native projects



      It was already fixed on RN 0.59.
      You can find on upgrade diff from 0.58.6 to 0.59
      You can apply it without upgrading you RN versionust follow the below steps:



      Create files:



      android/app/src/debug/res/xml/react_native_config.xml -



      <?xml version="1.0" encoding="utf-8"?>
      <network-security-config>
      <domain-config cleartextTrafficPermitted="true">
      <domain includeSubdomains="false">localhost</domain>
      <domain includeSubdomains="false">10.0.2.2</domain>
      <domain includeSubdomains="false">10.0.3.2</domain>
      </domain-config>
      </network-security-config>


      android/app/src/debug/AndroidManifest.xml -



      <?xml version="1.0" encoding="utf-8"?>
      <manifest xmlns:android="http://schemas.android.com/apk/res/android"
      xmlns:tools="http://schemas.android.com/tools">

      <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

      <application tools:targetApi="28"
      tools:ignore="GoogleAppIndexingWarning"
      android:networkSecurityConfig="@xml/react_native_config" />
      </manifest>


      Check the accepted answer to know the root cause.






      share|improve this answer































        0














        Upgrade to React Native 0.58.5 or higher version.
        They have includeSubdomain in their config files in RN 0.58.5.



        ChangeLog



        In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.






        share|improve this answer
























          protected by Community Nov 25 '18 at 18:49



          Thank you for your interest in this question.
          Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



          Would you like to answer one of these unanswered questions instead?














          11 Answers
          11






          active

          oldest

          votes








          11 Answers
          11






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          861














          According to Network security configuration -




          Starting with Android 9.0 (API level 28), cleartext support is
          disabled by default.




          Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/



          Option 1 -



          Create file res/xml/network_security_config.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
          </domain-config>
          </network-security-config>


          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:networkSecurityConfig="@xml/network_security_config"
          ...>
          ...
          </application>
          </manifest>


          Option 2 -



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:usesCleartextTraffic="true"
          ...>
          ...
          </application>
          </manifest>


          Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -



          According to Manifest Docs -




          android:targetSandboxVersion



          The target sandbox for this app to use. The higher the sandbox version
          number, the higher the level of security. Its default value is 1; you
          can also set it to 2. Setting this attribute to 2 switches the app to
          a different SELinux sandbox. The following restrictions apply to a
          level 2 sandbox:




          • The default value of usesCleartextTraffic in the Network Security Config is false.

          • Uid sharing is not permitted.




          So Option 3 -



          If you have android:targetSandboxVersion in <manifest> then reduce it to 1



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest android:targetSandboxVersion="1">
          <uses-permission android:name="android.permission.INTERNET" />
          ...
          </manifest>





          share|improve this answer





















          • 2





            It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

            – avalancha
            Aug 7 '18 at 12:06






          • 4





            @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

            – spartygw
            Aug 9 '18 at 15:04






          • 4





            Does ClearText HTTP mean that they were just using a http site instead of https?

            – Tom Hammond
            Oct 30 '18 at 21:57






          • 22





            What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

            – 林果皞
            Jan 24 at 9:08








          • 6





            This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

            – Christian Brüggemann
            Jan 28 at 22:47
















          861














          According to Network security configuration -




          Starting with Android 9.0 (API level 28), cleartext support is
          disabled by default.




          Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/



          Option 1 -



          Create file res/xml/network_security_config.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
          </domain-config>
          </network-security-config>


          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:networkSecurityConfig="@xml/network_security_config"
          ...>
          ...
          </application>
          </manifest>


          Option 2 -



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:usesCleartextTraffic="true"
          ...>
          ...
          </application>
          </manifest>


          Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -



          According to Manifest Docs -




          android:targetSandboxVersion



          The target sandbox for this app to use. The higher the sandbox version
          number, the higher the level of security. Its default value is 1; you
          can also set it to 2. Setting this attribute to 2 switches the app to
          a different SELinux sandbox. The following restrictions apply to a
          level 2 sandbox:




          • The default value of usesCleartextTraffic in the Network Security Config is false.

          • Uid sharing is not permitted.




          So Option 3 -



          If you have android:targetSandboxVersion in <manifest> then reduce it to 1



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest android:targetSandboxVersion="1">
          <uses-permission android:name="android.permission.INTERNET" />
          ...
          </manifest>





          share|improve this answer





















          • 2





            It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

            – avalancha
            Aug 7 '18 at 12:06






          • 4





            @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

            – spartygw
            Aug 9 '18 at 15:04






          • 4





            Does ClearText HTTP mean that they were just using a http site instead of https?

            – Tom Hammond
            Oct 30 '18 at 21:57






          • 22





            What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

            – 林果皞
            Jan 24 at 9:08








          • 6





            This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

            – Christian Brüggemann
            Jan 28 at 22:47














          861












          861








          861







          According to Network security configuration -




          Starting with Android 9.0 (API level 28), cleartext support is
          disabled by default.




          Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/



          Option 1 -



          Create file res/xml/network_security_config.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
          </domain-config>
          </network-security-config>


          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:networkSecurityConfig="@xml/network_security_config"
          ...>
          ...
          </application>
          </manifest>


          Option 2 -



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:usesCleartextTraffic="true"
          ...>
          ...
          </application>
          </manifest>


          Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -



          According to Manifest Docs -




          android:targetSandboxVersion



          The target sandbox for this app to use. The higher the sandbox version
          number, the higher the level of security. Its default value is 1; you
          can also set it to 2. Setting this attribute to 2 switches the app to
          a different SELinux sandbox. The following restrictions apply to a
          level 2 sandbox:




          • The default value of usesCleartextTraffic in the Network Security Config is false.

          • Uid sharing is not permitted.




          So Option 3 -



          If you have android:targetSandboxVersion in <manifest> then reduce it to 1



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest android:targetSandboxVersion="1">
          <uses-permission android:name="android.permission.INTERNET" />
          ...
          </manifest>





          share|improve this answer















          According to Network security configuration -




          Starting with Android 9.0 (API level 28), cleartext support is
          disabled by default.




          Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/



          Option 1 -



          Create file res/xml/network_security_config.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
          </domain-config>
          </network-security-config>


          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:networkSecurityConfig="@xml/network_security_config"
          ...>
          ...
          </application>
          </manifest>


          Option 2 -



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest ...>
          <uses-permission android:name="android.permission.INTERNET" />
          <application
          ...
          android:usesCleartextTraffic="true"
          ...>
          ...
          </application>
          </manifest>


          Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -



          According to Manifest Docs -




          android:targetSandboxVersion



          The target sandbox for this app to use. The higher the sandbox version
          number, the higher the level of security. Its default value is 1; you
          can also set it to 2. Setting this attribute to 2 switches the app to
          a different SELinux sandbox. The following restrictions apply to a
          level 2 sandbox:




          • The default value of usesCleartextTraffic in the Network Security Config is false.

          • Uid sharing is not permitted.




          So Option 3 -



          If you have android:targetSandboxVersion in <manifest> then reduce it to 1



          AndroidManifest.xml -



          <?xml version="1.0" encoding="utf-8"?>
          <manifest android:targetSandboxVersion="1">
          <uses-permission android:name="android.permission.INTERNET" />
          ...
          </manifest>






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 4 '18 at 22:43

























          answered Jun 13 '18 at 10:11









          Hrishikesh KadamHrishikesh Kadam

          9,6043926




          9,6043926








          • 2





            It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

            – avalancha
            Aug 7 '18 at 12:06






          • 4





            @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

            – spartygw
            Aug 9 '18 at 15:04






          • 4





            Does ClearText HTTP mean that they were just using a http site instead of https?

            – Tom Hammond
            Oct 30 '18 at 21:57






          • 22





            What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

            – 林果皞
            Jan 24 at 9:08








          • 6





            This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

            – Christian Brüggemann
            Jan 28 at 22:47














          • 2





            It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

            – avalancha
            Aug 7 '18 at 12:06






          • 4





            @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

            – spartygw
            Aug 9 '18 at 15:04






          • 4





            Does ClearText HTTP mean that they were just using a http site instead of https?

            – Tom Hammond
            Oct 30 '18 at 21:57






          • 22





            What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

            – 林果皞
            Jan 24 at 9:08








          • 6





            This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

            – Christian Brüggemann
            Jan 28 at 22:47








          2




          2





          It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

          – avalancha
          Aug 7 '18 at 12:06





          It's weird, this issue still appears, and your solution still fixes it. But the Google link your provided doesn't mention it anymore

          – avalancha
          Aug 7 '18 at 12:06




          4




          4





          @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

          – spartygw
          Aug 9 '18 at 15:04





          @HrishikeshKadam your answer is much appreciated but it seems there must be another step in the most recent release of P? Please see my question stackoverflow.com/questions/51770323/…

          – spartygw
          Aug 9 '18 at 15:04




          4




          4





          Does ClearText HTTP mean that they were just using a http site instead of https?

          – Tom Hammond
          Oct 30 '18 at 21:57





          Does ClearText HTTP mean that they were just using a http site instead of https?

          – Tom Hammond
          Oct 30 '18 at 21:57




          22




          22





          What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

          – 林果皞
          Jan 24 at 9:08







          What's the point of this Android security feature if every developer going to add android:usesCleartextTraffic="true" ?

          – 林果皞
          Jan 24 at 9:08






          6




          6





          This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

          – Christian Brüggemann
          Jan 28 at 22:47





          This does not even mention the best solution to this problem: Use HTTPS. The options mentioned in this answer should only be a last resort.

          – Christian Brüggemann
          Jan 28 at 22:47













          53














          In the AndroidManifest I found this parameter:



              android:networkSecurityConfig="@xml/network_security_config"


          and @xml/network_security_config is defined in network_security_config.xml as:



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <!--Set application-wide security config using base-config tag.-->
          <base-config cleartextTrafficPermitted="false"/>
          </network-security-config>


          just I changed cleartextTrafficPermitted to true






          share|improve this answer



















          • 6





            +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

            – Martin Price
            Oct 16 '18 at 9:21






          • 2





            Solved my issue Thanks Man :)

            – Atif AbbAsi
            Dec 17 '18 at 10:14











          • Worked for me. Thanks

            – Ali Ahmed
            Apr 2 at 12:30


















          53














          In the AndroidManifest I found this parameter:



              android:networkSecurityConfig="@xml/network_security_config"


          and @xml/network_security_config is defined in network_security_config.xml as:



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <!--Set application-wide security config using base-config tag.-->
          <base-config cleartextTrafficPermitted="false"/>
          </network-security-config>


          just I changed cleartextTrafficPermitted to true






          share|improve this answer



















          • 6





            +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

            – Martin Price
            Oct 16 '18 at 9:21






          • 2





            Solved my issue Thanks Man :)

            – Atif AbbAsi
            Dec 17 '18 at 10:14











          • Worked for me. Thanks

            – Ali Ahmed
            Apr 2 at 12:30
















          53












          53








          53







          In the AndroidManifest I found this parameter:



              android:networkSecurityConfig="@xml/network_security_config"


          and @xml/network_security_config is defined in network_security_config.xml as:



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <!--Set application-wide security config using base-config tag.-->
          <base-config cleartextTrafficPermitted="false"/>
          </network-security-config>


          just I changed cleartextTrafficPermitted to true






          share|improve this answer













          In the AndroidManifest I found this parameter:



              android:networkSecurityConfig="@xml/network_security_config"


          and @xml/network_security_config is defined in network_security_config.xml as:



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <!--Set application-wide security config using base-config tag.-->
          <base-config cleartextTrafficPermitted="false"/>
          </network-security-config>


          just I changed cleartextTrafficPermitted to true







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 21 '18 at 4:10









          byOntibyOnti

          751510




          751510








          • 6





            +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

            – Martin Price
            Oct 16 '18 at 9:21






          • 2





            Solved my issue Thanks Man :)

            – Atif AbbAsi
            Dec 17 '18 at 10:14











          • Worked for me. Thanks

            – Ali Ahmed
            Apr 2 at 12:30
















          • 6





            +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

            – Martin Price
            Oct 16 '18 at 9:21






          • 2





            Solved my issue Thanks Man :)

            – Atif AbbAsi
            Dec 17 '18 at 10:14











          • Worked for me. Thanks

            – Ali Ahmed
            Apr 2 at 12:30










          6




          6





          +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

          – Martin Price
          Oct 16 '18 at 9:21





          +1 This is useful if you want to apply it accross all domains used in the app rather than maintain a subset as other answers have suggested.

          – Martin Price
          Oct 16 '18 at 9:21




          2




          2





          Solved my issue Thanks Man :)

          – Atif AbbAsi
          Dec 17 '18 at 10:14





          Solved my issue Thanks Man :)

          – Atif AbbAsi
          Dec 17 '18 at 10:14













          Worked for me. Thanks

          – Ali Ahmed
          Apr 2 at 12:30







          Worked for me. Thanks

          – Ali Ahmed
          Apr 2 at 12:30













          31














          You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:



          In build.gradle:



          // Put this in your buildtypes debug section:
          manifestPlaceholders = [usesCleartextTraffic:"true"]

          // Put this in your buildtypes release section
          manifestPlaceholders = [usesCleartextTraffic:"false"]


          In the application tag in AndroidManifest.xml



          android:usesCleartextTraffic="${usesCleartextTraffic}"





          share|improve this answer


























          • it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

            – Rik van Velzen
            Mar 1 at 13:58


















          31














          You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:



          In build.gradle:



          // Put this in your buildtypes debug section:
          manifestPlaceholders = [usesCleartextTraffic:"true"]

          // Put this in your buildtypes release section
          manifestPlaceholders = [usesCleartextTraffic:"false"]


          In the application tag in AndroidManifest.xml



          android:usesCleartextTraffic="${usesCleartextTraffic}"





          share|improve this answer


























          • it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

            – Rik van Velzen
            Mar 1 at 13:58
















          31












          31








          31







          You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:



          In build.gradle:



          // Put this in your buildtypes debug section:
          manifestPlaceholders = [usesCleartextTraffic:"true"]

          // Put this in your buildtypes release section
          manifestPlaceholders = [usesCleartextTraffic:"false"]


          In the application tag in AndroidManifest.xml



          android:usesCleartextTraffic="${usesCleartextTraffic}"





          share|improve this answer















          You might only want to allow cleartext while debugging, but keep the security benefits of rejecting cleartext in production. This is useful for me because I test my app against a development server that does not support https. Here is how to enforce https in production, but allow cleartext in debug mode:



          In build.gradle:



          // Put this in your buildtypes debug section:
          manifestPlaceholders = [usesCleartextTraffic:"true"]

          // Put this in your buildtypes release section
          manifestPlaceholders = [usesCleartextTraffic:"false"]


          In the application tag in AndroidManifest.xml



          android:usesCleartextTraffic="${usesCleartextTraffic}"






          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 13 '18 at 18:12

























          answered Dec 11 '18 at 21:47









          TylerTyler

          9321112




          9321112













          • it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

            – Rik van Velzen
            Mar 1 at 13:58





















          • it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

            – Rik van Velzen
            Mar 1 at 13:58



















          it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

          – Rik van Velzen
          Mar 1 at 13:58







          it's only used on api 23+ though. If you want an api independent solution the approved one at: stackoverflow.com/questions/46302058/… is a good option...

          – Rik van Velzen
          Mar 1 at 13:58













          31














          Change your url's from HTTP to HTTPS;



          It works out!!!






          share|improve this answer





















          • 13





            how is this upvoted? you'll get a handshake exception if your server url isn't https

            – kkarakk
            Feb 8 at 9:44






          • 4





            upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

            – beetstra
            Feb 18 at 10:56






          • 3





            @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

            – Martin Price
            Feb 22 at 13:59






          • 1





            @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

            – Bevor
            Feb 23 at 18:48











          • @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

            – beetstra
            Feb 25 at 9:09
















          31














          Change your url's from HTTP to HTTPS;



          It works out!!!






          share|improve this answer





















          • 13





            how is this upvoted? you'll get a handshake exception if your server url isn't https

            – kkarakk
            Feb 8 at 9:44






          • 4





            upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

            – beetstra
            Feb 18 at 10:56






          • 3





            @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

            – Martin Price
            Feb 22 at 13:59






          • 1





            @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

            – Bevor
            Feb 23 at 18:48











          • @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

            – beetstra
            Feb 25 at 9:09














          31












          31








          31







          Change your url's from HTTP to HTTPS;



          It works out!!!






          share|improve this answer















          Change your url's from HTTP to HTTPS;



          It works out!!!







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 18 at 12:38









          Nilesh Rathod

          34.8k83564




          34.8k83564










          answered Oct 4 '18 at 17:12









          eLieLi

          1,7121221




          1,7121221








          • 13





            how is this upvoted? you'll get a handshake exception if your server url isn't https

            – kkarakk
            Feb 8 at 9:44






          • 4





            upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

            – beetstra
            Feb 18 at 10:56






          • 3





            @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

            – Martin Price
            Feb 22 at 13:59






          • 1





            @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

            – Bevor
            Feb 23 at 18:48











          • @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

            – beetstra
            Feb 25 at 9:09














          • 13





            how is this upvoted? you'll get a handshake exception if your server url isn't https

            – kkarakk
            Feb 8 at 9:44






          • 4





            upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

            – beetstra
            Feb 18 at 10:56






          • 3





            @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

            – Martin Price
            Feb 22 at 13:59






          • 1





            @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

            – Bevor
            Feb 23 at 18:48











          • @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

            – beetstra
            Feb 25 at 9:09








          13




          13





          how is this upvoted? you'll get a handshake exception if your server url isn't https

          – kkarakk
          Feb 8 at 9:44





          how is this upvoted? you'll get a handshake exception if your server url isn't https

          – kkarakk
          Feb 8 at 9:44




          4




          4





          upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

          – beetstra
          Feb 18 at 10:56





          upvoted because it's the right thing to do (in production environments). HTTPS should be the default, not HTTP.

          – beetstra
          Feb 18 at 10:56




          3




          3





          @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

          – Martin Price
          Feb 22 at 13:59





          @beetsta You assume that you have full control over what is serving the content. This answer is therefore naive or flippant in nature.

          – Martin Price
          Feb 22 at 13:59




          1




          1





          @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

          – Bevor
          Feb 23 at 18:48





          @beetstra Why should be HTTPS default on a LOCAL machine while debugging? This is so stupid, just another example of Google paternalism. Luckily one can workaround this for debug mode by Tyler's solution.

          – Bevor
          Feb 23 at 18:48













          @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

          – beetstra
          Feb 25 at 9:09





          @MartinPrice, I agree the answer is too short and not applicable to all situations. However, neither are most of the other answers, in assuming that allowing HTTP traffic is the right way to go. Allowing cleartext traffic in all situations for all hosts totally ignores the reasons why Google changed this in the first place. For production environments HTTPS is nearly always the right way to go. Allowing HTTP in debug environments is of course not an issue, as I mentioned in the comment.

          – beetstra
          Feb 25 at 9:09











          18














          It could be useful for someone.



          We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this.
          So the fix was in changing links from http to https






          share|improve this answer





















          • 3





            If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

            – The incredible Jan
            Nov 22 '18 at 13:47






          • 1





            This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

            – Dakatine
            Jan 24 at 16:04
















          18














          It could be useful for someone.



          We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this.
          So the fix was in changing links from http to https






          share|improve this answer





















          • 3





            If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

            – The incredible Jan
            Nov 22 '18 at 13:47






          • 1





            This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

            – Dakatine
            Jan 24 at 16:04














          18












          18








          18







          It could be useful for someone.



          We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this.
          So the fix was in changing links from http to https






          share|improve this answer















          It could be useful for someone.



          We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this.
          So the fix was in changing links from http to https







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Sep 17 '18 at 15:44

























          answered Sep 17 '18 at 15:39









          sparkly_frogsparkly_frog

          5101720




          5101720








          • 3





            If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

            – The incredible Jan
            Nov 22 '18 at 13:47






          • 1





            This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

            – Dakatine
            Jan 24 at 16:04














          • 3





            If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

            – The incredible Jan
            Nov 22 '18 at 13:47






          • 1





            This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

            – Dakatine
            Jan 24 at 16:04








          3




          3





          If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

          – The incredible Jan
          Nov 22 '18 at 13:47





          If I only want to display some URLs I don't need a WebView. I just use a TextView. ;) I suppose you mean you show some html pages. Your fix only works if your server offers SSL. You can't simply change the links.

          – The incredible Jan
          Nov 22 '18 at 13:47




          1




          1





          This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

          – Dakatine
          Jan 24 at 16:04





          This for sure is the best option whenever possible, but one can't always choose that - either for a performance reason or because simply the resource may not be available in cleartext HTTP.

          – Dakatine
          Jan 24 at 16:04











          17














          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
          </domain-config>
          </network-security-config>


          In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/



          I changed that to xyz.abc.com then it started working.






          share|improve this answer



















          • 1





            As @Lorence said this is very important to remove http://

            – user2725105
            Nov 8 '18 at 11:03








          • 1





            Domain != URL. "http" is the protocol. The protocol is never part of the domain.

            – The incredible Jan
            Nov 22 '18 at 13:52
















          17














          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
          </domain-config>
          </network-security-config>


          In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/



          I changed that to xyz.abc.com then it started working.






          share|improve this answer



















          • 1





            As @Lorence said this is very important to remove http://

            – user2725105
            Nov 8 '18 at 11:03








          • 1





            Domain != URL. "http" is the protocol. The protocol is never part of the domain.

            – The incredible Jan
            Nov 22 '18 at 13:52














          17












          17








          17







          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
          </domain-config>
          </network-security-config>


          In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/



          I changed that to xyz.abc.com then it started working.






          share|improve this answer













          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <domain-config cleartextTrafficPermitted="true">
          <domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
          </domain-config>
          </network-security-config>


          In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/



          I changed that to xyz.abc.com then it started working.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 16 '18 at 13:59









          LorenceLorence

          17112




          17112








          • 1





            As @Lorence said this is very important to remove http://

            – user2725105
            Nov 8 '18 at 11:03








          • 1





            Domain != URL. "http" is the protocol. The protocol is never part of the domain.

            – The incredible Jan
            Nov 22 '18 at 13:52














          • 1





            As @Lorence said this is very important to remove http://

            – user2725105
            Nov 8 '18 at 11:03








          • 1





            Domain != URL. "http" is the protocol. The protocol is never part of the domain.

            – The incredible Jan
            Nov 22 '18 at 13:52








          1




          1





          As @Lorence said this is very important to remove http://

          – user2725105
          Nov 8 '18 at 11:03







          As @Lorence said this is very important to remove http://

          – user2725105
          Nov 8 '18 at 11:03






          1




          1





          Domain != URL. "http" is the protocol. The protocol is never part of the domain.

          – The incredible Jan
          Nov 22 '18 at 13:52





          Domain != URL. "http" is the protocol. The protocol is never part of the domain.

          – The incredible Jan
          Nov 22 '18 at 13:52











          10














          My problem in Android 9 was navigating on a webview over domains with http
          The solution from this answer



          <application 
          android:networkSecurityConfig="@xml/network_security_config"
          ...>


          and:



          res/xml/network_security_config.xml



          <?xml version="1.0" encoding="utf-8"?>
          <network-security-config>
          <base-config cleartextTrafficPermitted="true">
          <trust-anchors>
          <certificates src="system" />
          </trust-anchors>
          </base-config>
          </network-security-config>





          share|improve this answer






























            10














            My problem in Android 9 was navigating on a webview over domains with http
            The solution from this answer



            <application 
            android:networkSecurityConfig="@xml/network_security_config"
            ...>


            and:



            res/xml/network_security_config.xml



            <?xml version="1.0" encoding="utf-8"?>
            <network-security-config>
            <base-config cleartextTrafficPermitted="true">
            <trust-anchors>
            <certificates src="system" />
            </trust-anchors>
            </base-config>
            </network-security-config>





            share|improve this answer




























              10












              10








              10







              My problem in Android 9 was navigating on a webview over domains with http
              The solution from this answer



              <application 
              android:networkSecurityConfig="@xml/network_security_config"
              ...>


              and:



              res/xml/network_security_config.xml



              <?xml version="1.0" encoding="utf-8"?>
              <network-security-config>
              <base-config cleartextTrafficPermitted="true">
              <trust-anchors>
              <certificates src="system" />
              </trust-anchors>
              </base-config>
              </network-security-config>





              share|improve this answer















              My problem in Android 9 was navigating on a webview over domains with http
              The solution from this answer



              <application 
              android:networkSecurityConfig="@xml/network_security_config"
              ...>


              and:



              res/xml/network_security_config.xml



              <?xml version="1.0" encoding="utf-8"?>
              <network-security-config>
              <base-config cleartextTrafficPermitted="true">
              <trust-anchors>
              <certificates src="system" />
              </trust-anchors>
              </base-config>
              </network-security-config>






              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Jan 24 at 15:23

























              answered Jan 19 at 15:32









              Pablo CegarraPablo Cegarra

              4,37143555




              4,37143555























                  8














                  Ok, that is ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which base on this, but give you additional Benefit (and maybe some Background Info).



                  Android has a kind of overwriting functionality for the src-Directory.



                  By default, you have




                  /app/src/main




                  But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:




                  • Create the Directory /app/src/debug

                  • Inside create the AndroidManifest.xml


                  Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml



                  Here an Example how it looks like for the requested CLEARTEXT-Permission:



                  <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.yourappname">

                  <application
                  android:usesCleartextTraffic="true"
                  android:name=".MainApplication"
                  android:label="@string/app_name"
                  android:icon="@mipmap/ic_launcher"
                  android:allowBackup="false"
                  android:theme="@style/AppTheme">
                  </application>

                  </manifest>


                  With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.



                  The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure






                  share|improve this answer



















                  • 1





                    This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                    – Coo
                    Apr 23 at 8:37
















                  8














                  Ok, that is ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which base on this, but give you additional Benefit (and maybe some Background Info).



                  Android has a kind of overwriting functionality for the src-Directory.



                  By default, you have




                  /app/src/main




                  But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:




                  • Create the Directory /app/src/debug

                  • Inside create the AndroidManifest.xml


                  Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml



                  Here an Example how it looks like for the requested CLEARTEXT-Permission:



                  <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.yourappname">

                  <application
                  android:usesCleartextTraffic="true"
                  android:name=".MainApplication"
                  android:label="@string/app_name"
                  android:icon="@mipmap/ic_launcher"
                  android:allowBackup="false"
                  android:theme="@style/AppTheme">
                  </application>

                  </manifest>


                  With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.



                  The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure






                  share|improve this answer



















                  • 1





                    This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                    – Coo
                    Apr 23 at 8:37














                  8












                  8








                  8







                  Ok, that is ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which base on this, but give you additional Benefit (and maybe some Background Info).



                  Android has a kind of overwriting functionality for the src-Directory.



                  By default, you have




                  /app/src/main




                  But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:




                  • Create the Directory /app/src/debug

                  • Inside create the AndroidManifest.xml


                  Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml



                  Here an Example how it looks like for the requested CLEARTEXT-Permission:



                  <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.yourappname">

                  <application
                  android:usesCleartextTraffic="true"
                  android:name=".MainApplication"
                  android:label="@string/app_name"
                  android:icon="@mipmap/ic_launcher"
                  android:allowBackup="false"
                  android:theme="@style/AppTheme">
                  </application>

                  </manifest>


                  With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.



                  The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure






                  share|improve this answer













                  Ok, that is ⇒⇒ NOT ⇐⇐ the thousands repeat of add it to your Manifest, but an hint which base on this, but give you additional Benefit (and maybe some Background Info).



                  Android has a kind of overwriting functionality for the src-Directory.



                  By default, you have




                  /app/src/main




                  But you can add additional directories to overwrite your AndroidManifest.xml. Here is how it works:




                  • Create the Directory /app/src/debug

                  • Inside create the AndroidManifest.xml


                  Inside of this File, you don't have to put all the Rules inside, but only the ones you like to overwrite from your /app/src/main/AndroidManifest.xml



                  Here an Example how it looks like for the requested CLEARTEXT-Permission:



                  <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                  package="com.yourappname">

                  <application
                  android:usesCleartextTraffic="true"
                  android:name=".MainApplication"
                  android:label="@string/app_name"
                  android:icon="@mipmap/ic_launcher"
                  android:allowBackup="false"
                  android:theme="@style/AppTheme">
                  </application>

                  </manifest>


                  With this knowledge it's now easy as 1,2,3 for you to overload your Permissions depending on your debug | main | release Enviroment.



                  The big benefit on it... you don't have debug-stuff in your production-Manifest and you keep an straight and easy maintainable structure







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 24 at 21:02









                  suthersuther

                  3,79012453




                  3,79012453








                  • 1





                    This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                    – Coo
                    Apr 23 at 8:37














                  • 1





                    This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                    – Coo
                    Apr 23 at 8:37








                  1




                  1





                  This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                  – Coo
                  Apr 23 at 8:37





                  This is definitely the proper solution. Android has added these security settings for a reason, so they should stand. Your solutions allows us to test on local insecure environments, while the production builds will still have the recommended security settings. Thank you!

                  – Coo
                  Apr 23 at 8:37











                  7














                  Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:




                  Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security.



                  The default value of this attribute is 1.




                  It obviously also adds new level of security policy, at least on Android 8.






                  share|improve this answer




























                    7














                    Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:




                    Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security.



                    The default value of this attribute is 1.




                    It obviously also adds new level of security policy, at least on Android 8.






                    share|improve this answer


























                      7












                      7








                      7







                      Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:




                      Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security.



                      The default value of this attribute is 1.




                      It obviously also adds new level of security policy, at least on Android 8.






                      share|improve this answer













                      Okay, I have figured this out. It is due to the Manifest parameter android:targetSandboxVersion="2", that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. However as the vague description suggest:




                      Specifies the target sandbox this app wants to use. Higher sanbox versions will have increasing levels of security.



                      The default value of this attribute is 1.




                      It obviously also adds new level of security policy, at least on Android 8.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Aug 30 '17 at 8:15









                      david.sdavid.s

                      2,013388




                      2,013388























                          4














                          For React Native projects



                          It was already fixed on RN 0.59.
                          You can find on upgrade diff from 0.58.6 to 0.59
                          You can apply it without upgrading you RN versionust follow the below steps:



                          Create files:



                          android/app/src/debug/res/xml/react_native_config.xml -



                          <?xml version="1.0" encoding="utf-8"?>
                          <network-security-config>
                          <domain-config cleartextTrafficPermitted="true">
                          <domain includeSubdomains="false">localhost</domain>
                          <domain includeSubdomains="false">10.0.2.2</domain>
                          <domain includeSubdomains="false">10.0.3.2</domain>
                          </domain-config>
                          </network-security-config>


                          android/app/src/debug/AndroidManifest.xml -



                          <?xml version="1.0" encoding="utf-8"?>
                          <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                          xmlns:tools="http://schemas.android.com/tools">

                          <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

                          <application tools:targetApi="28"
                          tools:ignore="GoogleAppIndexingWarning"
                          android:networkSecurityConfig="@xml/react_native_config" />
                          </manifest>


                          Check the accepted answer to know the root cause.






                          share|improve this answer




























                            4














                            For React Native projects



                            It was already fixed on RN 0.59.
                            You can find on upgrade diff from 0.58.6 to 0.59
                            You can apply it without upgrading you RN versionust follow the below steps:



                            Create files:



                            android/app/src/debug/res/xml/react_native_config.xml -



                            <?xml version="1.0" encoding="utf-8"?>
                            <network-security-config>
                            <domain-config cleartextTrafficPermitted="true">
                            <domain includeSubdomains="false">localhost</domain>
                            <domain includeSubdomains="false">10.0.2.2</domain>
                            <domain includeSubdomains="false">10.0.3.2</domain>
                            </domain-config>
                            </network-security-config>


                            android/app/src/debug/AndroidManifest.xml -



                            <?xml version="1.0" encoding="utf-8"?>
                            <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                            xmlns:tools="http://schemas.android.com/tools">

                            <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

                            <application tools:targetApi="28"
                            tools:ignore="GoogleAppIndexingWarning"
                            android:networkSecurityConfig="@xml/react_native_config" />
                            </manifest>


                            Check the accepted answer to know the root cause.






                            share|improve this answer


























                              4












                              4








                              4







                              For React Native projects



                              It was already fixed on RN 0.59.
                              You can find on upgrade diff from 0.58.6 to 0.59
                              You can apply it without upgrading you RN versionust follow the below steps:



                              Create files:



                              android/app/src/debug/res/xml/react_native_config.xml -



                              <?xml version="1.0" encoding="utf-8"?>
                              <network-security-config>
                              <domain-config cleartextTrafficPermitted="true">
                              <domain includeSubdomains="false">localhost</domain>
                              <domain includeSubdomains="false">10.0.2.2</domain>
                              <domain includeSubdomains="false">10.0.3.2</domain>
                              </domain-config>
                              </network-security-config>


                              android/app/src/debug/AndroidManifest.xml -



                              <?xml version="1.0" encoding="utf-8"?>
                              <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                              xmlns:tools="http://schemas.android.com/tools">

                              <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

                              <application tools:targetApi="28"
                              tools:ignore="GoogleAppIndexingWarning"
                              android:networkSecurityConfig="@xml/react_native_config" />
                              </manifest>


                              Check the accepted answer to know the root cause.






                              share|improve this answer













                              For React Native projects



                              It was already fixed on RN 0.59.
                              You can find on upgrade diff from 0.58.6 to 0.59
                              You can apply it without upgrading you RN versionust follow the below steps:



                              Create files:



                              android/app/src/debug/res/xml/react_native_config.xml -



                              <?xml version="1.0" encoding="utf-8"?>
                              <network-security-config>
                              <domain-config cleartextTrafficPermitted="true">
                              <domain includeSubdomains="false">localhost</domain>
                              <domain includeSubdomains="false">10.0.2.2</domain>
                              <domain includeSubdomains="false">10.0.3.2</domain>
                              </domain-config>
                              </network-security-config>


                              android/app/src/debug/AndroidManifest.xml -



                              <?xml version="1.0" encoding="utf-8"?>
                              <manifest xmlns:android="http://schemas.android.com/apk/res/android"
                              xmlns:tools="http://schemas.android.com/tools">

                              <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>

                              <application tools:targetApi="28"
                              tools:ignore="GoogleAppIndexingWarning"
                              android:networkSecurityConfig="@xml/react_native_config" />
                              </manifest>


                              Check the accepted answer to know the root cause.







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered Mar 13 at 16:51









                              Erick M. SprengelErick M. Sprengel

                              7211511




                              7211511























                                  0














                                  Upgrade to React Native 0.58.5 or higher version.
                                  They have includeSubdomain in their config files in RN 0.58.5.



                                  ChangeLog



                                  In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.






                                  share|improve this answer






























                                    0














                                    Upgrade to React Native 0.58.5 or higher version.
                                    They have includeSubdomain in their config files in RN 0.58.5.



                                    ChangeLog



                                    In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.






                                    share|improve this answer




























                                      0












                                      0








                                      0







                                      Upgrade to React Native 0.58.5 or higher version.
                                      They have includeSubdomain in their config files in RN 0.58.5.



                                      ChangeLog



                                      In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.






                                      share|improve this answer















                                      Upgrade to React Native 0.58.5 or higher version.
                                      They have includeSubdomain in their config files in RN 0.58.5.



                                      ChangeLog



                                      In Rn 0.58.5 they have declared network_security_config with their server domain. Network security configuration allows an app to permit cleartext traffic from a certain domain. So no need to put extra effort by declaring android:usesCleartextTraffic="true" in the application tag of your manifest file. It will be resolved automatically after upgrading the RN Version.







                                      share|improve this answer














                                      share|improve this answer



                                      share|improve this answer








                                      edited Mar 27 at 7:28









                                      tripleee

                                      97.1k14136191




                                      97.1k14136191










                                      answered Mar 26 at 8:48









                                      Dishant WaliaDishant Walia

                                      614




                                      614

















                                          protected by Community Nov 25 '18 at 18:49



                                          Thank you for your interest in this question.
                                          Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



                                          Would you like to answer one of these unanswered questions instead?



                                          這個網誌中的熱門文章

                                          Xamarin.form Move up view when keyboard appear

                                          Post-Redirect-Get with Spring WebFlux and Thymeleaf

                                          Anylogic : not able to use stopDelay()