Cleartext http traffic to server.com not permitted

Question

My code is working on android KitKat but it when running it in Pie gives io exception

Cleartext http traffic to server.com not permitted

Answer 1

Solved

Edit your ► ’ network security_config.xml ’

Add line ► Domain.com OR your IP(12.34.456.78)

after change it will look like this

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
           <domain includeSubdomains="true">Domain.com OR your IP(12.34.456.78)</domain>
           <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

Answer 2

Adding the android:usesCleartextTraffic attribute in the application element of your AndroidManifest.xml works!

To do this in Xamarin Forms you can achieve this by adding the following in the AssemblyInfo.cs of your Android solution.

// Because I only want this in development
#if DEBUG 
[assembly: Application(UsesCleartextTraffic = true)]
#endif

Answer 3

First step is understanding why Google enforces you to use HTTPS. You can read more about it on the developers page.

As for how to fix it, there are two options:

1) Use HTTPS!

2) Create a new file in your XML folder named security_config.xml and add this:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

then in your Manifest file add this

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/security_config">

    </application>
</manifest> 

For obvious reasons, the second point is not recommended!

Answer 4

If you don't have the option of using HTTPS, then you can use a network security configuration xml file

<?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <domain-config cleartextTrafficPermitted="true">
            <domain includeSubdomains="true">192.168.1.100</domain>
            <domain includeSubdomains="true">http://example1.com</domain>
            <domain includeSubdomains="true">example1.com</domain>
        </domain-config>
    </network-security-config>

Then you need to add it to your <application section in the Android Manifest with this line

android:networkSecurityConfig="@xml/testing_security"

Some alternatives were presented in other answers - i would say that allowing all cleartext traffic is unwise since 3rd party libraries could compromise you. It is best to explicitly define your host targets to minimise the impact of this insecure communication

Answer 5

Simple Solution:

Add this line in your manifest:

android:usesCleartextTraffic="true"

because I have faced the same issue with my php page for json api.

It should look like this:

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

Let's hope it works.