How to fix 'Cleartext HTTP traffic to x not permitted' in xamarin android

Asked 13/4, 2021 at 8:12 Answered 13/4, 2024 at 18:28

http xamarin.forms https xamarin.android cleartext

I have an issue in my application Cleartext HTTP traffic to x not permitted.

I've already tried putting android:usesCleartextTraffic="true" in my manifest. But i want to change "android:usesCleartextTraffic" flag to "false" to prevent unencrypted traffic from being sent.

How to solve this?

Georgiannageorgianne answered 13/4, 2021 at 8:12 Comment(4)

Do you want to disable usesCleartextTraffic programmatically ? – Shunt 13/4, 2021 at 10:43

I am getting Cleartext HTTP traffic to x not permitted issue. How to solve this issue without enabling the android:usesCleartextTraffic as true in manifest file – Georgiannageorgianne 13/4, 2021 at 10:56

Please check https://mcmap.net/q/35772/-cleartext-http-traffic-not-permitted-duplicate. – Shunt 13/4, 2021 at 10:59

How did you solve this, please @Georgiannageorgianne ? – Talkfest 23/12, 2021 at 0:18

If at some point you want to move to MAUI (which has no AssemblyInfo.cs), you might want to add UsesCleartextTraffic) to your Application attribute in Platforms/Android/MainApplication.cs:

#if DEBUG                                   // connect to local service on the
[Application(UsesCleartextTraffic = true)]  // emulator's host for debugging,
#else                                       // access via http://10.0.2.2
[Application]                               
#endif
public class MainApplication : MauiApplication
{
    ...
}

Geometric answered 30/3, 2022 at 14:50 Comment(0)

You can fix this with one line of code. Open AssemblyInfo.cs in your android project under properties and add the code below:

[assembly: Application(UsesCleartextTraffic = true)]

Pavia answered 9/7, 2021 at 8:10 Comment(1)

I might also recommend wrapping that in #if DEBUG and #endif, in case you want to only allow this behavior in debug builds. – Teofilateosinte 19/11, 2021 at 10:2

In Maui, expand Platforms/Android and edit MainApplication.cs.

Replace "[Application]", near the top, with "[Application(UsesCleartextTraffic = true)]"

Teofilateosinte answered 9/4, 2022 at 18:6 Comment(3)

thanks I was specifically looking for this – Schleswigholstein 18/5, 2022 at 10:9

Basically a duplicate of my answer, but for release versions of serious apps, you definitely want to restrict network connections to only use TLS. It may lower the review rating if you upload an app to GooglePlay that still allows http connections. Therefore I recommend the #if DEBUG. – Geometric 21/6, 2022 at 12:50

You are my hero! Saved time. Was looking for it. – Caseworm 30/3, 2023 at 22:47

Assuming you are accessing a server that doesn't support HTTPS, then you can create exceptions in your network security config. You can create a file net_sec_conf.xml like this:

<?xml version="1.0" encoding="utf-8" ?>
<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system" />
    </trust-anchors>
  </base-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">api.example.org</domain>
    <trust-anchors>
      <certificates src="system" />
    </trust-anchors>
  </domain-config>
</network-security-config>

and then in manifest file add this line:

android:networkSecurityConfig="@xml/net_sec_conf"

(assuming you have put the file in xml folder). This way cleartext HTTP traffic will only be allowed for the specified domain.

Of course, if the server supports HTTPS, then you just need to change your URL "http://..." to "https://...".

Udell answered 13/4, 2021 at 11:30 Comment(1)

I tried something like this, but could not found out how to make the net_sec_conf.xml to be added in the artifact. In side the apk file there was a res/xml folder, but it did not contain the added file net_sec_conf.xml. Solution from @Pavia with the debug-comment from Mike worked for me. – Coxalgia 1/2, 2022 at 13:13

This worked for .Net MAUI.

What worked for me:

Create a file named network_security_config.xml in Platforms\Android\Resources\xml (create the 'xml' folder if does not exist).

Add this configuration to the file, replace YOUR_IP_ADRESS with your machine ip adress, which you can get by running 'ipconfig' in cmd and copy the value of 'Adresse IPv4':

 <network-security-config>
     <domain-config cleartextTrafficPermitted="true">
         <domain includeSubdomains="true">YOUR_IP_ADRESS</domain>
     </domain-config>
 </network-security-config>

Go to AndroidManifest.xml right click -> open with -> XML Editor(depends on the IDE you are using) and add the following values to the application node: <application .... android:networkSecurityConfig="@xml/network_security_config" android:usesCleartextTraffic="true" ...>
Go to MainApplication.cs in the Platforms/Android folder and add the following code as an attribute to the class:

... #if DEBUG [Application(UsesCleartextTraffic = true)] // for development, #else [Application(UsesCleartextTraffic = false)] // production #endif public class MainApplication : MauiApplication ...

Happy coding!

Sasin answered 27/1, 2024 at 9:1 Comment(0)

After trying a lot of alternative solutions finaly it came to work with the following change in .NET 8 Maui

Add android:usesCleartextTraffic="true" text to the Application tag under AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application ... android:usesCleartextTraffic="true"></application>
</manifest>

Mojica answered 13/4, 2024 at 18:28 Comment(0)

Recommended topics

Hot tags