安卓8 : Cleartext HTTP traffic not permitted

我收到 Android 8 用户的报告，称我的应用(使用后端提要)不显示内容。经过调查，我发现 Android 8 上发生以下异常:

08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

(我已删除包名称、URL 和其他可能的标识符)

在 Android 7 及更低版本上一切正常，我不设置 android:usesCleartextTraffic在 list 中(并将其设置为 true 没有帮助，无论如何这是默认值)，我也不使用网络安全信息。如果我打电话NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted() ，它返回false对于 Android 8，true对于旧版本，使用相同的 apk 文件。我试图在有关 Android O 的 Google 信息中找到有关此内容的一些内容，但没有成功。

最佳答案

根据Network security configuration -

Starting with Android 9 (API level 28), cleartext support is disabled by default.

另请查看Android M and the war on cleartext traffic

Codelabs explanation来自谷歌

选项 1 -

首先尝试使用 https:// 访问 URL而不是http://

选项 2 -

创建文件res/xml/network_security_config.xml -

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:networkSecurityConfig="@xml/network_security_config"
        ...>
        ...
    </application>
</manifest>

选项 3 -

android:usesCleartextTraffic Doc

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

又如@david.s' answer指出android:targetSandboxVersion也可能是一个问题 -

根据Manifest Docs -

android:targetSandboxVersion

The target sandbox for this app to use. The higher the sandbox version number, the higher the level of security. Its default value is 1; you can also set it to 2. Setting this attribute to 2 switches the app to a different SELinux sandbox. The following restrictions apply to a level 2 sandbox:

The default value of usesCleartextTraffic in the Network Security Config is false.

Uid sharing is not permitted.

所以选项 4 -

如果您有android:targetSandboxVersion在<manifest>然后将其减少为 1

AndroidManifest.xml -

<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
    <uses-permission android:name="android.permission.INTERNET" />
    ...
</manifest>

关于安卓8 : Cleartext HTTP traffic not permitted，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/60690020/

安卓8 : Cleartext HTTP traffic not permitted

上一篇：Azure Kudu 访问被curl 拒绝

下一篇：proxy - 在独立的 Jetty 应用程序中使用 Jetty 的代理