Android 8:不允许明文 HTTP 流量 [英] Android 8: Cleartext HTTP traffic not permitted

问题描述

我收到来自 Android 8 用户的报告，称我的应用(使用后端供稿)不显示内容.经过调查，我发现 Android 8 上发生了以下异常:

I had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:

08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

(我已经删除了包名、URL 和其他可能的标识符)

(I've removed package name, URL and other possible identifiers)

在 Android 7 及更低版本上一切正常，我没有在 Manifest 中设置 android:usesCleartextTraffic(并将其设置为 true 没有帮助，无论如何这是默认值)，我也不使用网络安全信息.如果我调用 NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted()，它将返回 false 用于 Android 8，true 用于旧版本，使用相同的 apk文件.我试图在关于 Android O 的 Google 信息中找到一些提及，但没有成功.

On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file. I tried to find some mention of this on Google info about Android O, but without success.

推荐答案

根据 网络安全配置 -

从 Android 9(API 级别 28)开始，明文支持被禁用默认情况下.

Starting with Android 9 (API level 28), cleartext support is disabled by default.

另请参阅 Android M 和战争明文流量

Codelabs 解释来自 Google

选项 1 -

首先尝试使用https://"访问 URL；而不是http://"

First try hitting the URL with "https://" instead of "http://"

选项 2 -

创建文件 res/xml/network_security_config.xml -

Create file res/xml/network_security_config.xml -

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml -

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:networkSecurityConfig="@xml/network_security_config"
        ...>
        ...
    </application>
</manifest>

选项 3 -

android:usesCleartextTraffic 文档

AndroidManifest.xml -

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

此外 @david.s 的回答 指出 android:targetSandboxVersion 可以是也有问题-

Also as @david.s' answer pointed out android:targetSandboxVersion can be a problem too -

根据Manifest Docs -

android:targetSandboxVersion

此应用要使用的目标沙箱.沙盒版本越高数字，安全级别越高.它的默认值为 1；你也可以将其设置为 2.将此属性设置为 2 将应用程序切换到一个不同的 SELinux 沙箱.以下限制适用于2 级沙箱:

The target sandbox for this app to use. The higher the sandbox version number, the higher the level of security. Its default value is 1; you can also set it to 2. Setting this attribute to 2 switches the app to a different SELinux sandbox. The following restrictions apply to a level 2 sandbox:

• 网络安全配置中 usesCleartextTraffic 的默认值为 false.
• 不允许共享 Uid.

• The default value of usesCleartextTraffic in the Network Security Config is false.
• Uid sharing is not permitted.

所以选项 4 -

如果您在 中有 android:targetSandboxVersion 然后将其减少到 1

If you have android:targetSandboxVersion in <manifest> then reduce it to 1

AndroidManifest.xml -

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
    <uses-permission android:name="android.permission.INTERNET" />
    ...
</manifest>

这篇关于Android 8:不允许明文 HTTP 流量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！