Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-26377] Android: Allow non-https requests to work when targeting Android P

GitHub Issuen/a
TypeImprovement
PriorityCritical
StatusClosed
ResolutionFixed
Resolution Date2018-09-12T21:40:45.000+0000
Affected Version/sn/a
Fix Version/sRelease 7.5.0
ComponentsAndroid
Labelsandroid, http, httpclient, network, security
ReporterJoshua Quick
AssigneeJoshua Quick
Created2018-09-11T03:55:41.000+0000
Updated2018-09-24T20:59:56.000+0000

Description

*Summary:* An Android P device will block cleartext "http" requests by default for apps that target Android P. https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted The Java HttpUrlConnection on Android P will throw the following exception when attempt to do a non-https request... 
java.io.IOException: Cleartext HTTP traffic to raw.githubusercontent.com not permitted
*Steps to reproduce:*

Set up "tiapp.xml" to target API Level 28.

Acquire an Android P device that has Internet access.

Build and run [^HttpGetTest.js] on the Android P device.

Tap on the "HTTP Get" button.

Notice that you get a "Cleartext HTTP traffic to not permitted" error.

*Note:* This is also an issue with a WebView loading "http:" pages too. Can be reproduced with the following... 
var window = Ti.UI.createWindow();
window.add(Ti.UI.createWebView({ url: "http://www.google.com" }));
window.open();
*Possible Solution:* Simplest solution may be to set the following "AndroidManifest.xml" <application> attribute "android:usesCleartextTraffic" to true for all Titanium built apps by default. This way apps are backward compatible. But allow the Titanium developer to set this to false in the "tiapp.xml". https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic Example... 
<manifest>
	<application android:usesCleartextTraffic="true"/>
</manifest>

Attachments

FileDateSize
HttpGetTest.js2018-09-11T22:57:17.000+0000923

Comments

  1. Joshua Quick 2018-09-12

    PR (master): https://github.com/appcelerator/titanium_mobile/pull/10319
  2. Lokesh Choudhary 2018-09-12

    FR Passed. PR Merged.
  3. Keerthi Mahalingam 2018-09-24

    Verified the fix with sdk 7.5.0.v20180924090601. Works fine.Closing. 
       Operating System
     Name                        = Mac OS X
     Version                     = 10.13.6
     Architecture                = 64bit
   Node.js
     Node.js Version             = 8.9.1
     npm Version                 = 5.5.1
   Titanium CLI
     CLI Version                 = 5.1.1
   Titanium SDK
     SDK Version                 = 7.5.0.v20180924090601
   Device				= samsung galaxy s5 -Android 6
   					Pixel emulator -Android 8 ,pixelAndroid 9 device

JSON Source