本文翻译自:Android 8: Cleartext HTTP traffic not permitted
I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. 我收到来自Android 8用户的报告,称我的应用程序(使用后端供稿)未显示内容。 After investigation I found following Exception happening on Android 8: 经过调查,我发现以下异常发生在Android 8上:
08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
(I've removed package name, URL and other possible identifiers) (我删除了程序包名称,URL和其他可能的标识符)
On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. 在Android 7及更低版本上,一切正常,我没有在清单中设置android:usesCleartextTraffic (并且将其设置为true无济于事,这始终是默认值),我也不使用网络安全信息。 If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() , it returns false for Android 8, true for older version, using the same apk file. 如果我调用NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() ,则对于Android 8,它会使用相同的apk文件返回false (对于较早的版本为true 。 I tried to find some mention of this on Google info about Android O, but without success. 我试图在Google有关Android O的信息中找到对此的提及,但没有成功。
#1楼
参考:https://stackoom.com/question/36lJd/Android-不允许使用明文HTTP流量
#2楼
Okay, I have figured this out. 好的,我知道了。 It is due to the Manifest parameter android:targetSandboxVersion="2" , that I have added because we also have Instant App version - it should make sure than once user upgrades from Instant App to regular app, he will not loose his data with the transfer. 这是由于我添加了Manifest参数android:targetSandboxVersion="2" ,因为我们还具有Instant App版本-它应该确保用户一旦从Instant App升级到常规应用程序,就不会丢失其数据。传递。 However as the vague description suggest: 但是,模糊的描述表明:
Specifies the target sandbox this app wants to use. 指定此应用要使用的目标沙箱。 Higher sanbox versions will have increasing levels of security. 更高的sanbox版本将具有越来越高的安全级别。
The default value of this attribute is 1. 此属性的默认值为1。
It obviously also adds new level of security policy, at least on Android 8. 显然,它至少在Android 8上也增加了新级别的安全策略。
#3楼
In the AndroidManifest I found this parameter: 在AndroidManifest中,我找到了此参数:
android:networkSecurityConfig="@xml/network_security_config"
and @xml/network_security_config is defined in network_security_config.xml as: @@ xml / network_security_config在network_security_config.xml中定义为:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!--Set application-wide security config using base-config tag.-->
<base-config cleartextTrafficPermitted="false"/>
</network-security-config>
just I changed cleartextTrafficPermitted to true 只是我将cleartextTrafficPermitted更改为true
#4楼
According to Network security configuration - 根据网络安全配置 -
Starting with Android 9 (API level 28), cleartext support is disabled by default. 从Android 9(API级别28)开始,默认情况下禁用明文支持。
Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/ 还可以看看-https: //koz.io/android-m-and-the-war-on-cleartext-traffic/
Option 1 - 选项1 -
Create file res/xml/network_security_config.xml - 创建文件res / xml / network_security_config.xml-
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">domain.com (to be adjusted)</domain>
</domain-config>
</network-security-config>
AndroidManifest.xml - AndroidManifest.xml-
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:networkSecurityConfig="@xml/network_security_config"
...>
...
</application>
</manifest>
Option 2 - 选项2-
android:usesCleartextTraffic Doc android:usesCleartextTraffic Doc
AndroidManifest.xml - AndroidManifest.xml-
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true"
...>
...
</application>
</manifest>
Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too - 也正如@ david.s的答案指出android:targetSandboxVersion可能也是一个问题-
According to Manifest Docs - 根据清单文件 -
android:targetSandboxVersionThe target sandbox for this app to use. 此应用要使用的目标沙箱。 The higher the sandbox version number, the higher the level of security. 沙盒版本号越高,安全级别越高。 Its default value is 1; 默认值为1;默认值为1。 you can also set it to 2. Setting this attribute to 2 switches the app to a different SELinux sandbox. 您也可以将其设置为2。将此属性设置为2会将应用程序切换到其他SELinux沙箱。 The following restrictions apply to a level 2 sandbox: 以下限制适用于2级沙箱:
- The default value of
usesCleartextTrafficin the Network Security Config is false. 网络安全配置中的usesCleartextTraffic的默认值为false。- Uid sharing is not permitted. 不允许共享Uid。
So Option 3 - 所以选项3-
If you have android:targetSandboxVersion in <manifest> then reduce it to 1 如果您在<manifest>具有android:targetSandboxVersion ,则将其减小为1
AndroidManifest.xml - AndroidManifest.xml-
<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
<uses-permission android:name="android.permission.INTERNET" />
...
</manifest>
#5楼
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">***Your URL(ex: 127.0.0.1)***</domain>
</domain-config>
</network-security-config>
In the suggestion provided above I was providing my URL as http://xyz.abc.com/mno/ 在以上提供的建议中,我提供的网址为http://xyz.abc.com/mno/
I changed that to xyz.abc.com then it started working. 我将其更改为xyz.abc.com,然后开始工作。
#6楼
It could be useful for someone. 对某人可能有用。
We recently had the same issue for Android 9, but we only needed to display some Urls within WebView, nothing very special. 我们最近在Android 9上也遇到了同样的问题,但是我们只需要在WebView中显示一些Urls,没有什么特别的。 So adding android:usesCleartextTraffic="true" to Manifest worked, but we didn't want to compromise security of the whole app for this. 因此,向Manifest添加android:usesCleartextTraffic="true"是android:usesCleartextTraffic="true" ,但是我们不想为此牺牲整个应用程序的安全性。 So the fix was in changing links from http to https 因此,解决方法是将链接从http更改为https
