Android 8:不允许明文 HTTP 流量 [英] Android 8: Cleartext HTTP traffic not permitted
问题描述
我收到来自 Android 8 用户的报告,称我的应用(使用后端供稿)不显示内容.经过调查,我发现 Android 8 上发生了以下异常:
I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:
08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)
(我已经删除了包名、URL 和其他可能的标识符)
(I've removed package name, URL and other possible identifiers)
在 Android 7 及更低版本上一切正常,我没有在 Manifest 中设置 android:usesCleartextTraffic
(并将其设置为 true
没有帮助,无论如何这是默认值),我也不使用网络安全信息.如果我调用 NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted()
,它将返回 false
用于 Android 8,true
用于旧版本,使用相同的 apk文件.我试图在关于 Android O 的 Google 信息中找到一些提及,但没有成功.
On Android 7 and lower everything works, I do not set android:usesCleartextTraffic
in Manifest (and setting it to true
does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted()
, it returns false
for Android 8, true
for older version, using the same apk file.
I tried to find some mention of this on Google info about Android O, but without success.
推荐答案
根据 网络安全配置 -
从 Android 9(API 级别 28)开始,明文支持被禁用默认情况下.
Starting with Android 9 (API level 28), cleartext support is disabled by default.
另请参阅 Android M 和战争明文流量
Codelabs 解释来自 Google
选项 1 -
首先尝试使用https://"访问 URL;而不是http://"
First try hitting the URL with "https://" instead of "http://"
选项 2 -
创建文件 res/xml/network_security_config.xml -
Create file res/xml/network_security_config.xml -
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
</domain-config>
</network-security-config>
AndroidManifest.xml -
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:networkSecurityConfig="@xml/network_security_config"
...>
...
</application>
</manifest>
选项 3 -
android:usesCleartextTraffic 文档
AndroidManifest.xml -
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true"
...>
...
</application>
</manifest>
此外 @david.s 的回答 指出 android:targetSandboxVersion
可以是也有问题-
Also as @david.s' answer pointed out android:targetSandboxVersion
can be a problem too -
根据Manifest Docs -
android:targetSandboxVersion
此应用要使用的目标沙箱.沙盒版本越高数字,安全级别越高.它的默认值为 1;你也可以将其设置为 2.将此属性设置为 2 将应用程序切换到一个不同的 SELinux 沙箱.以下限制适用于2 级沙箱:
The target sandbox for this app to use. The higher the sandbox version number, the higher the level of security. Its default value is 1; you can also set it to 2. Setting this attribute to 2 switches the app to a different SELinux sandbox. The following restrictions apply to a level 2 sandbox:
- 网络安全配置中
usesCleartextTraffic
的默认值为 false. - 不允许共享 Uid.
- The default value of
usesCleartextTraffic
in the Network Security Config is false. - Uid sharing is not permitted.
所以选项 4 -
如果您在
中有 android:targetSandboxVersion
然后将其减少到 1
If you have android:targetSandboxVersion
in <manifest>
then reduce it to 1
AndroidManifest.xml -
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
<uses-permission android:name="android.permission.INTERNET" />
...
</manifest>
这篇关于Android 8:不允许明文 HTTP 流量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!