WebView fails to load the page and reports the error net ERR CLEARTEXT NOT PERMITTED and ERR UNKNOWN URL SCHEME appears after webView loads the page

Hits: 0

According to the network security configuration

Starting with Android 9 (API level 28), cleartext support is disabled by default. Therefore, the url of http cannot be loaded in the webview

See also –  [https://koz.io/android-m-and-the-war-on-cleartext-traffic/]

Codelabs Explained –  https://codelabs.developers.google.com/codelabs/android-network-security-config/index.html

If the application uses unencrypted plaintext traffic for http requests, the request will fail, while https requests will not be affected.

In response to this problem, I have looked at three solutions.

1) Replace Http request with Https request. Since the official said that it is safer to use Https, then replace it with Https.

2) Lower targetSdkVersion below 27. The curve saves the country, since Http has not been supported since 28, then I will use the version below 28.

3) Change network security configuration

The first and the third are many solutions on the Internet. One is to use a more secure https, and the other is to configure it in the manifest file and use unencrypted information transmission.

<application
    ....
    android:usesCleartextTraffic="true"
    ....>
    ....
</application>

Solution: Fundamentally, option one is enough, and other solutions are in the case of unavoidable circumstances.

Option 1 –

To solve the problem from the root,  replace “http://” with a secure HTTPS protocol eg: “https://”

First try hitting the URL with “https://” instead of “http://”

Option 2-

Create file res/xml/network_security_config.xml-

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">api.example.com(to be adjusted)</domain>
    </domain-config>
</network-security-config>

Add android:networkSecurityConfig=”@xml/network_security_config” reference to the application node

AndroidManifest.xml-

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android: />
    <application
        ...
        android:networkSecurityConfig="@xml/network_security_config"
        ...>
        ...
    </application>
</manifest>

Option 3-

android:usesCleartextTraffic Doc

Add android:usesCleartextTraffic=”true” to the application node in the AndroidManifest.xml file  .

AndroidManifest.xml-

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android: />
    <application
        ...
        android:usesCleartextTraffic="true"
        


        ...>
        ...
    </application>
</manifest>

As pointed out in [the answer by @david.s] , this android:targetSandboxVersioncan also be an issue –

According to the manifest file

android:targetSandboxVersion

The target sandbox to use for this app. The higher the sandbox version number, the higher the security level. The default value is 1; the default value is 1. You can also set it to 2. Setting this property to 2 switches the application to a different SELinux sandbox. The following restrictions apply to level 2 sandboxes:

  • usesCleartextTrafficThe default value in the network security configuration is false.
  • Sharing Uids is not allowed.

So option 4-

If there is android:targetSandboxVersion, <manifest>reduce to1

AndroidManifest.xml-

<?xml version="1.0" encoding="utf-8"?>
<manifest android:targetSandboxVersion="1">
    <uses-permission android: />
    ...
</manifest>

4

  • Seems like one more step has to be made in the latest P version? See my question [stackoverflow.com/questions/51770323/…] – spartygw Jan 12 ’17 at 19:09
  • Changing option 1 from domain-config to base-config fixed the issue    The best solution for this problem: use HTTPS. The options mentioned in this answer should only be a last resort. 

(Option 2) The second method

<application 
    android:networkSecurityConfig="@xml/network_security_config"
    ...>

and:

res / xml / network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>


(Option 2) The third method

<application
    ....
    android:usesCleartextTraffic="true"
    ....>

Update: If you have network security configured like:android:networkSecurityConfig="@xml/network_security_config"

As shown above, instead of setting cleartext traffic to true, use the following code:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        ....
        ....
    </domain-config>

    <base-config cleartextTrafficPermitted="false"/>
</network-security-config>

The above are the problems encountered in the development. If there is time in the later period, I will continue to sort them out, or if you have a better solution and add more perfect ones, I would be very grateful. Welcome to leave a message to exchange,

Shushan has road diligence as the path, and the sea of ​​learning is boundless and hard work! ! !

You may also like...

Leave a Reply

Your email address will not be published.