Why am I seeing net::ERR_CLEARTEXT_NOT_PERMITTED errors after upgrading to Cordova Android 8?
The default API level in the Cordova Android platform has been upgraded. On an Android 9 device, clear text communication is now disabled by default.
To allow clear text communication again, set the android:usesCleartextTraffic
on your application
tag to true
:
<platform name="android">
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
<application android:usesCleartextTraffic="true" />
</edit-config>
</platform>
As noted in the comments, if you have not defined the android
XML namespace previously, you will receive an error: unbound prefix
during build. This indicates that you need to add it to your widget
tag in the same config.xml
, like so:
<widget id="you-app-id" version="1.2.3"
xmlns="http://www.w3.org/ns/widgets"
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:cdv="http://cordova.apache.org/ns/1.0">
There are two things to correct in config.xml So the right answer should be adding the xmls:android:
<widget id="com.my.awesomeapp" version="1.0.0"
xmlns="http://www.w3.org/ns/widgets"
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:cdv="http://cordova.apache.org/ns/1.0">
plus editing the config to allow:
<platform name="android">
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
<application android:usesCleartextTraffic="true" />
</edit-config>
</platform>
If step 1 is avoided error: unbound prefix. will appear
Cleartext here represents unencrypted information. Since Android 9, it is recommended that apps should call HTTPS APIs to make sure there is no eves dropping.
However, if we still need to call HTTP APIs, we can do following:
Platform: Ionic 4
Create a file named: network_security_config.xml under project-root/resources/android/xml
Add following lines:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain>ip-or-domain-name</domain>
</domain-config>
</network-security-config>
Now in project-root/config.xml, update following lines:
<platform name="android">
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:usesCleartextTraffic="true" />
<application android:networkSecurityConfig="@xml/network_security_config" />
</edit-config>
... other statements...
It should work now.
To solve the problem there's other option. in file resources/android/xml/network_security_config.xml. insert:
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain>localhost</domain>
<domain includeSubdomains="true">192.168.7.213:8733</domain>
</domain-config>
</network-security-config>
Im my case I´m using IP address then base-config is necessary, but if you have a domain. just add the domain.
I ran into this problem myself today, and found a really nifty plugin that will save you the hassle of trying to manually allow cleartext traffic in Android 9+ for your Apache Cordova application. Simply install cordova-plugin-cleartext, and the plugin should take care of all the behind the scenes Android stuff for you.
$ cordova plugin add cordova-plugin-cleartext
$ cordova prepare
$ cordova run android