Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

bug: ERR_CLEARTEXT_NOT_PERMITTED

See original GitHub issue

Bug Report

Android throws ERR_CLEARTEXT_NOT_PERMITTED.

Capacitor Version

npx cap doctor output: Latest Dependencies: @capacitor/cli: 1.3.0 @capacitor/core: 1.3.0 @capacitor/android: 1.3.0 @capacitor/ios: 1.3.0

Installed Dependencies: @capacitor/ios not installed @capacitor/core 1.3.0 @capacitor/cli 1.3.0 @capacitor/android 1.3.0

[success] Android looking great! 👌

Affected Platform(s)

Android
iOS
Electron
Web

Current Behavior

Android does not open webview and shows ERR_CLEARTEXT_NOT_PERMITTED.

Solution

To solve the issue I had to add android:usesCleartextTraffic="true" in AndroidManifest.xml as suggested in https://stackoverflow.com/questions/54752716/why-am-i-seeing-neterr-cleartext-not-permitted-errors-after-upgrading-to-cordo

This is also described in https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted:

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:usesCleartextTraffic="true"
        android:theme="@style/AppTheme">

Issue Analytics

State:
Created 4 years ago
Reactions:17
Comments:10 (3 by maintainers)

Top GitHub Comments

3reactions

miqmagocommented, Oct 31, 2019

@jcesarmobile thanks, as you said this is an Android 9+ feature to move to https. But imo, when an app is in development stage, normally one should not take care of https, otherwise would mean to open 443 port in development machine, certificate issues and much more headaches. So it makes sense to add android:usesCleartextTraffic="true" in AndroidManifest.xml.

On the other hand, when capacitor compiles the app for production (where https should be mandatory), server.url is autoremoved, so it makes sense to remove android:usesCleartextTraffic="true" in AndroidManifest.xml.

Then I see a risk for developers to leave this option in AndroidManifest.xml and push to stores with this flag. I understand that this is not a big issue, but anyway it is an issue, don’t know if in the future Android is planning to penalize in some way apps using http, right now in the web it affects to SEO.

Maybe the issue is not a bug but a feature request, and also don’t really know if capacitor is the responsible of changing/alerting developer of this potencial error. Maybe should be a gradle script or similar. What I think is clear is that this is a developer experience issue.

2reactions

jcesarmobilecommented, Oct 31, 2019

It has to be manual, unless using something that handles it for you such as Ionic CLI. Not sure if Ionic CLI works with stencil apps, sorry.