Why am I seeing net::ERR_CLEARTEXT_NOT_PERMITTED errors after upgrading to Cordova Android 8?

Question

After upgrading to Cordova Android 8.0, I am seeing net::ERR_CLEARTEXT_NOT_PERMITTED errors when trying to connect to http:// targets.

Why is that and how can I resolve this?

Oliver Salzburg · Accepted Answer · 2019-05-28T09:09:10.927

289

The default API level in the Cordova Android platform has been upgraded. On an Android 9 device, clear text communication is now disabled by default.

To allow clear text communication again, set the android:usesCleartextTraffic on your application tag to true:

<platform name="android">
  <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
      <application android:usesCleartextTraffic="true" />
  </edit-config>
</platform>

As noted in the comments, if you have not defined the android XML namespace previously, you will receive an error: unbound prefix during build. This indicates that you need to add it to your widget tag in the same config.xml, like so:

<widget id="you-app-id" version="1.2.3"
xmlns="http://www.w3.org/ns/widgets" 
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:cdv="http://cordova.apache.org/ns/1.0">

edited May 28 '19 at 09:09

answered Feb 18 '19 at 17:44

Oliver Salzburg

21,652
20
93
138

44

I encountered an error (`error: unbound prefix.`) when trying to build my Cordova application. The solution was to add in my `config.xml` file, in the my root `` element the attribute `xmlns:android="http://schemas.android.com/apk/res/android` – apiaget Mar 17 '19 at 14:49
@Der Hochstapler Can you add apiagets comment to your answer? – Michael B May 28 '19 at 08:47
1

@MichaelB Everyone can edit answers and is welcome to do so. But, sure, I'll do it. – Oliver Salzburg May 28 '19 at 08:58
1

@SteevJames Did you rebuild your Cordova project so that the changes are actually persisted into the Android project structure? Have you verified that the changes have been made to the `AndroidManifest.xml` in your Android project? – Oliver Salzburg Sep 10 '19 at 07:59
this work but in my case i have to remove platform android and then after it work. – kunal shaktawat Nov 09 '19 at 20:23
3

In short, I added this line to my manifest under `` and it fixed my issue: `android:usesCleartextTraffic="true"` – ConcernedHobbit Dec 20 '19 at 17:27
I add in `edit-config` this: `api.example.com(to be adjusted)` and it's work for me. https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted – Or Choban Apr 11 '20 at 22:34
this is all good but which files am I supposed to add this to? – Saba Ahang Sep 03 '20 at 09:13
manually add "android:usesCleartextTraffic="true" to platforms/android/AndroidManifest.xml is the only fix for me on cordova@9.0.0. a js script for auto replace it https://gist.github.com/JaosnHsieh/532d3b790090e1099415f1c11f2a7b62 – JasonHsieh Sep 24 '20 at 06:00
That was not enough in my case. I also had to specify the host I needed to communicate with as described in this answer: https://stackoverflow.com/a/57108997/3095695 – Aros Oct 01 '20 at 15:36
You saved me! I was desperate to connect to a websocket server without ssl :^P – tecnobillo Nov 03 '20 at 22:55

score 53 · Answer 2 · answered May 22 '19 at 18:07

There are two things to correct in config.xml So the right answer should be adding the xmls:android:

<widget id="com.my.awesomeapp" version="1.0.0" 
xmlns="http://www.w3.org/ns/widgets"
xmlns:android="http://schemas.android.com/apk/res/android" 
xmlns:cdv="http://cordova.apache.org/ns/1.0">

plus editing the config to allow:

<platform name="android">
  <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
      <application android:usesCleartextTraffic="true" />
  </edit-config>
</platform>

If step 1 is avoided error: unbound prefix. will appear

results syntax error in config.xml file – Muhammad Zakaria May 15 '22 at 10:07 — Muhammad Zakaria, May 15 '22 at 10:07

Ashutosh · Answer 3 · 2019-12-31T16:13:28.800

49

Cleartext here represents unencrypted information. Since Android 9, it is recommended that apps should call HTTPS APIs to make sure there is no eves dropping.

However, if we still need to call HTTP APIs, we can do following:

Platform: Ionic 4

Create a file named: network_security_config.xml under project-root/resources/android/xml

Add following lines:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <domain-config cleartextTrafficPermitted="true">
     <domain>ip-or-domain-name</domain>
   </domain-config>
</network-security-config>

Now in project-root/config.xml, update following lines:

<platform name="android">
    <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
        <application android:usesCleartextTraffic="true" />
        <application android:networkSecurityConfig="@xml/network_security_config" />
    </edit-config>
    ... other statements...

It should work now.

edited Dec 31 '19 at 16:13

answered Jul 19 '19 at 09:01

Ashutosh

4,371
10
59
105

1

Thanks bro, It worked for me for Ionic 4. I specified domain name example.com and it worked. Also got help from this "https://developer.android.com/training/articles/security-config" – Zaki Mohammed Aug 24 '19 at 02:40
Why is the " – Jalle Oct 12 '19 at 07:43
5

This works but I need to add this line in ```config.xml``` before the ```edit-config``` tag: ``````. Thanks! – tyn Nov 07 '19 at 09:39
@ZakiMohammed please share your code i am also facing a same problem help! – jose Nov 07 '19 at 12:42
@jose please have a look to my answer – Zaki Mohammed Nov 07 '19 at 13:31

score 37 · Answer 4 · answered Jun 07 '19 at 12:12

37

To solve the problem there's other option. in file resources/android/xml/network_security_config.xml. insert:

<network-security-config>
   <base-config cleartextTrafficPermitted="true">
       <trust-anchors>
           <certificates src="system" />
       </trust-anchors>
   </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain>localhost</domain>
        <domain includeSubdomains="true">192.168.7.213:8733</domain>
    </domain-config>
</network-security-config>

Im my case I´m using IP address then base-config is necessary, but if you have a domain. just add the domain.

answered Jun 07 '19 at 12:12

Edvan Souza

1,058
9
11

While all the accepted solution was also required, this answer was key for the problem I was facing. – Peter Meadley Aug 02 '19 at 10:15
Thank you! I'm also using an IP instead of a domain name and your answer fit perfectly! – early Apr 23 '20 at 17:09

score 34 · Answer 5 · answered Nov 17 '19 at 02:18

34

I ran into this problem myself today, and found a really nifty plugin that will save you the hassle of trying to manually allow cleartext traffic in Android 9+ for your Apache Cordova application. Simply install cordova-plugin-cleartext, and the plugin should take care of all the behind the scenes Android stuff for you.

$ cordova plugin add cordova-plugin-cleartext
$ cordova prepare
$ cordova run android

answered Nov 17 '19 at 02:18

topherPedersen

541
7
15

1

For others looking for the answer. I kept getting hit by other errors when applying the config fixes, but this worked straight away. Thanks Topher – IvanSt Dec 14 '19 at 10:58
Works for me. Thx! – iwanuschka Jun 07 '20 at 19:43
For those using, Ionic don't forget "ionic cordova prepare" – Fractal Mind Apr 03 '21 at 03:17

score 18 · Answer 6 · answered Nov 16 '19 at 15:50

18

After a few days of struggle, this works for me, and I hope this also works for you.

add this to your CONFIG.XML, top of your code.

<access origin="*" />
<allow-navigation href="*" />

and this, under the platform android.

<edit-config file="app/src/main/AndroidManifest.xml" 
   mode="merge" target="/manifest/application" 
   xmlns:android="http://schemas.android.com/apk/res/android">
     <application android:usesCleartextTraffic="true" />
     <application android:networkSecurityConfig="@xml/network_security_config" />
 </edit-config>
 <resource-file src="resources/android/xml/network_security_config.xml" 
 target="app/src/main/res/xml/network_security_config.xml" />

add the follow code to this file "resources/android/xml/network_security_config.xml".

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="true">YOUR DOMAIN HERE/IP</domain>
    </domain-config>
</network-security-config>

answered Nov 16 '19 at 15:50

Sushil

2,324
1
27
26

Can you please answer this ?https://stackoverflow.com/questions/59116787/failed-to-load-resource-neterr-cleartext-not-permitted – pratik jaiswal Dec 03 '19 at 12:04
1

thanks for you solution, It's the only one that worked for me. – Lud Osorio Dec 03 '19 at 17:58
Thanks, its the only solution one that worked for me to. – Gerardo Salazar Sánchez Jan 28 '20 at 17:06
This was the solution that worked for me. Specifically it seemed the `trust-anchors` tags was the final component to get all the other stuff working. – rolinger Mar 15 '20 at 16:56
If you are using phonegab build then keep network_security_config on root folder and give path as resource-file src="network_security_config.xml" – mujaffars Jul 25 '20 at 05:38
For those using, Ionic don't forget "ionic cordova prepare" – Fractal Mind Apr 03 '21 at 03:16

score 15 · Answer 7 · answered Apr 21 '19 at 21:49

15

Adding the following attribute within the opening < widget > tag worked for me. Simple and live reloads correctly on a Android 9 emulator. xmlns:android="http://schemas.android.com/apk/res/android"

<widget id="com.my.awesomeapp" version="1.0.0" 
xmlns="http://www.w3.org/ns/widgets"
xmlns:android="http://schemas.android.com/apk/res/android" 
xmlns:cdv="http://cordova.apache.org/ns/1.0">

answered Apr 21 '19 at 21:49

Mark McCorkle

9,349
2
32
42

2

I did not realize when I saw this answer, but this is _in addition to_ the `edit-config` code from the accepted answer (fixes the `unbound prefix` error) – RishiG May 20 '19 at 22:52
@RishiG now it is an answer that explains the full right answer – zardilior May 22 '19 at 18:09
@zardilior Yes, congrats on him for hijacking the answer on an edit... lol – Mark McCorkle Oct 28 '19 at 15:12

score 11 · Answer 8 · answered Jan 22 '20 at 09:36

11

Im using IONIC 5.4.13, cordova 9.0.0 (cordova-lib@9.0.1)

I might be repeating information but for me problem started appearing after adding some plugin (not sure yet). I tried all above combinations, but nothing worked. It only started working after adding:

   <base-config cleartextTrafficPermitted="true">
       <trust-anchors>
           <certificates src="system" />
       </trust-anchors>
   </base-config>

to file in project at

resources/android/xml/network_security_config.xml

so my network_security_config.xml file now looks like:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <base-config cleartextTrafficPermitted="true">
       <trust-anchors>
           <certificates src="system" />
       </trust-anchors>
   </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="true">10.1.25.10</domain>
    </domain-config>
</network-security-config>

Thanks to all.

answered Jan 22 '20 at 09:36

Rajendra

1,118
15
20

How is this different from the existing Ionic solution(s)? – Oliver Salzburg Jan 23 '20 at 09:17
situation is different. remember people come here from google search. there might be different situation and settings they land in this issue. in my case my project was working fine and it just started giving this error even i have not done any platform update or device update. – Rajendra Jan 23 '20 at 14:52
Because people end up here from a Google search, it should be in everyone's interested to present a useful list of solutions and not many duplicates that only make minor adjustments. Instead, you should try to improve an existing answer. – Oliver Salzburg Jan 24 '20 at 11:31
Sorry @Det Hochstapler, I do agree with you at some extent. I don't want to stretch this too much. But as per my opinion, adding to original answer will unnecessarily make it complex. As I said there is nothing much in answer but it matters in which situations I'm getting error. I'm still finding out more about it and I'll definitely add to my answer about it. – Rajendra Jan 24 '20 at 12:47
1

Thanks champ, this worked for me :) -- it's nice to have the confirmation of version updates for working solutions, as time goes by and old solutions no longer work, especially in a volatile ever-changing framework. – Grant Mar 21 '20 at 12:44
2

thanks mate, wanted to say that for me this was the only working solution – Anakin001 May 18 '20 at 15:54
2

Thanks. This solved my problem. I tried many other suggestions but was not working. – MasterJedi Jun 04 '20 at 02:41
Welcome, @MasterJedi ... In the latest ionic, I guess this is built-in. – Rajendra Jun 08 '20 at 09:33
I still have one issue, how to make IP/domain in includeSubdomains part dynamic or wildcard. As I'm dealing with IoT devices, and IPs of every customer device is not predictable. So how to resolve this for an app that needs to be distributed over PlayStore. Now I have switched to the latest ionic and I still have this issue. I know I can resolve it by hardcoding IP, but I don't want it like that. – Rajendra Jul 26 '20 at 05:10

score 10 · Answer 9 · answered Nov 11 '20 at 10:02

After reading the whole discussion looking for a way to authorize communication to all IP addresses as in my case the IP address to where the request will be sent is defined by the user in an input text and can not be defined in the configuration file. Here is how I resolved the issue

here are the configuration

config.xml

<platform name="android">
...
        <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
            <application android:networkSecurityConfig="@xml/network_security_config" />
        </edit-config>
        <resource-file src="resources/android/xml/network_security_config.xml" target="app/src/main/res/xml/network_security_config.xml" />
...
</platform>

resources/android/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
</network-security-config>

The most important piece of code is <base-config cleartextTrafficPermitted="true" /> in <network-security-config> instead of domain-config

setting the **base-config** element resolved the issue, thanks a ton! — Nexus, Oct 25 '21 at 21:30

mustafa mohamed · Answer 10 · 2019-08-18T16:04:37.727

7

you should add

<base-config cleartextTrafficPermitted="true">
    <trust-anchors>
        <certificates src="system" />
    </trust-anchors>
</base-config>

to

resources/android/xml/network_security_config.xml

like this

<network-security-config>
<base-config cleartextTrafficPermitted="true">
    <trust-anchors>
        <certificates src="system" />
    </trust-anchors>
</base-config>

<domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">localhost</domain>
</domain-config> </network-security-config>

edited Aug 18 '19 at 16:04

answered Aug 18 '19 at 15:59

mustafa mohamed

135
2
6

Why is this important? – Tomas Vancoillie Oct 25 '19 at 07:27

Manoj Alwis · Answer 11 · 2021-03-18T01:24:38.600

7

Just add this line to platforms/android/app/src/main/AndroidManifest.xml file

<application android:hardwareAccelerated="true" android:icon="@mipmap/ic_launcher" android:label="@string/app_name" android:supportsRtl="true" **android:usesCleartextTraffic="true"**>

edited Mar 18 '21 at 01:24

answered Jul 19 '20 at 06:49

Manoj Alwis

1,337
11
24

score 6 · Answer 12 · answered Nov 07 '19 at 13:30

Following is the solution which worked for me. The files which I updated are as follows:

config.xml (Full Path: /config.xml)
network_security_config.xml (Full Path: /resources/android/xml/network_security_config.xml)

Changes in the corresponding files are as follows:

1. config.xml

I have added <application android:usesCleartextTraffic="true" /> tag within <edit-config> tag in the config.xml file

<platform name="android">
    <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
        <application android:usesCleartextTraffic="true" />
        <application android:networkSecurityConfig="@xml/network_security_config" />
    </edit-config>
    ...
<platform name="android">

2. network_security_config.xml

In this file I have added 2 <domain> tag within <domain-config> tag, the main domain and a sub domain as per my project requirement

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">mywebsite.in</domain>
        <domain includeSubdomains="true">api.mywebsite.in</domain>
    </domain-config>
</network-security-config>

Thanks @Ashutosh for the providing the help.

Hope it helps.

score 3 · Answer 13 · answered Apr 01 '20 at 08:33

Following solution worked for me-

goto resources/android/xml/network_security_config.xml Change it to-

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

score 2 · Answer 14 · answered Jul 03 '19 at 21:58

2

Old ionic cli (4.2) was causing issue in my case, update to 5 solve the problem

answered Jul 03 '19 at 21:58

hugo blanc

310
3
14

Thank you. This was the solution for me. I had a separate build process running on App Center that was installing ionic to run ionic cli commands. They have deprecated "ionic" in favor of "@ionic/cli". – MarkHoward02 Jun 02 '20 at 02:31

score 2 · Answer 15 · answered Apr 16 '21 at 14:34

I am running Ionic 5 with Vue and Capacitor 3 and was getting this error using the InAppBrowser for a website that doesn't support https. For Capacitor apps, config.xml isn't used and AndroidManifest.xml is edited directly.

First, create the Network Security Config file here YOUR_IONIC_APP_ROOT\android\app\main\res\xml\network_security_config.xml.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
   <domain-config cleartextTrafficPermitted="true">
        <domain>www.example.com</domain>
   </domain-config>
</network-security-config>

Then edit YOUR_IONIC_APP_ROOT\android\app\main\AndroidManifest.xml adding android:networkSecurityConfig="@xml/network_security_config" to application.

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="io.ionic.starter">

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        
        android:networkSecurityConfig="@xml/network_security_config"

        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">
        <!-- ... -->
    </application>
    <!-- ... -->
</manifest>

score 1 · Answer 16 · answered Jan 18 '20 at 07:49

@Der Hochstapler thanks for the solution.
but in IONIC 4 some customization in project config.xml work for me

Add a line in Widget tag

<widget id="com.my.awesomeapp" version="1.0.0" 
xmlns="http://www.w3.org/ns/widgets"
xmlns:android="http://schemas.android.com/apk/res/android" 
xmlns:cdv="http://cordova.apache.org/ns/1.0">

after this, in the Platform tag for android customize some lines check below
add usesCleartextTraffic=true after networkSecurityConfig and resource-file tags

 <platform name="android">
        <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
            <application android:networkSecurityConfig="@xml/network_security_config" />
        </edit-config>
        <resource-file src="resources/android/xml/network_security_config.xml" target="app/src/main/res/xml/network_security_config.xml" />
        <edit-config file="AndroidManifest.xml" mode="merge" target="/manifest/application">
            <application android:usesCleartextTraffic="true" />
        </edit-config>
    </platform>

i was added "android:usesCleartextTraffic="true" with "android:networkSecurityConfig="@xml/network_security_config" inside single tag so that was not working for me and when i added new tag for "android:usesCleartextTraffic="true"" and also paste after "android:networkSecurityConfig" tag then it's working for me — yash, Jan 24 '20 at 10:24

joeytwiddle · Answer 17 · 2019-12-12T07:55:12.393

We are using the cordova-custom-config plugin to manage our Android configuration. In this case the solution was to add a new custom-preference to our config.xml:

    <platform name="android">

        <preference name="orientation" value="portrait" />

        <!-- ... other settings ... -->

        <!-- Allow http connections (by default Android only allows https) -->
        <!-- See: https://stackoverflow.com/questions/54752716/ -->
        <custom-preference
            name="android-manifest/application/@android:usesCleartextTraffic"
            value="true" />

    </platform>

Does anybody know how to do this only for development builds? I would be happy for release builds to leave this setting false.

(I see the iOS configuration offers buildType="debug" for that, but I'm not sure if this applies to Android configuration.)

score 0 · Answer 18 · answered Jan 22 '20 at 20:48

In an Ionic 4 capacitor project, when I packaged and deployed to android phone for testing I got this error. Resolved by re-installing capacitor and updating android platform.

npm run build --prod --release
npx cap copy
npm install --save @capacitor/core @capacitor/cli
npx cap init
npx cap update android
npx cap open android

score 0 · Answer 19 · answered Jan 22 '20 at 22:16

If You have Legacy Cordova framework having issues with NPM and Cordova command. I would suggest the below option.

Create file android/res/xml/network_security_config.xml -

    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
    <base-config cleartextTrafficPermitted="true" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain>
    </domain-config>
    </network-security-config>

AndroidManifest.xml -

    <?xml version="1.0" encoding="utf-8"?>
    <manifest ...>
        <uses-permission android:name="android.permission.INTERNET" />
        <application
            ...
            android:networkSecurityConfig="@xml/network_security_config"
            ...>
            ...
        </application>
    </manifest>

Some legacy projects doesn't follow NPM and Cordova commands which has to be manually updated. — Pradeepta, Jan 24 '20 at 17:32
why and not false? you would like to only allow your custom domain and block others, that's what the domain-config element is for — pantos27, Sep 01 '20 at 18:44

score 0 · Answer 20 · answered Apr 13 '23 at 23:55

0

I put manifest -- aplication -- android:usesCleartextTraffic="true"

and build.gradle - defaut config -- useLibrary 'org.apache.http.legacy'

works for me

answered Apr 13 '23 at 23:55

Bruno

27
2

Why am I seeing net::ERR_CLEARTEXT_NOT_PERMITTED errors after upgrading to Cordova Android 8?

20 Answers20

Linked

Related