How to enable http (clear Text Traffic) on Android 11

I am trying to build a native app for Android 11 which will allow AJAX calls using http:. I am using the latest version of AppStudio. My previous builds (using previous versions of VoltBuilder) for Android 9 & 10 worked fine.

I am aware that “From Android 9 Pie onwards, requests without encryption will not work, and by default, Android expects you to use TLS.” The Troubleshooting guide, from VoltBuilder Docs, says that “The easy way to bypass this is to add this plugin to your config.xml.” This being…

<plugin name="cordova-plugin-cleartext" />

I have added this but my app still returns… “Error: Status = 0” with an undefined description whenever I try to POST some data using http…

I have the following settings in my config.xml file:

<engine name="android" spec="10.1.2" />
<preference name="android-targetSdkVersion" value="30" />
<plugin name="cordova-plugin-androidx-adapter" />

I see a previous topic back in 2019 but that was for PhoneGap and it did not have a solution; just a link to stackoverflow.com.

What do I need to do to re-enable http (clear text traffic) communications? Am I missing anything?

Any help will be greatly appreciated,

Continuing with my investigation and trying to resolve the issue, I re-built my App in debug mode so I could trace what exactly is occurring. It appears that I am running into a “Mixed Content Issue” when trying to send a message via http: (see below).

Mixed Content: The page at 'https://localhost/index.html' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://192.168.0.21:8081/SavePhoto?Notice=RP203625&TimeStamp=20220926_221519'. This request has been blocked; the content must be served over HTTPS.

It is my assumption that the Android 10.1.2 build is loading the “index.html” resource via https whereas in older versions it used http. (Not totally sure about this…)

The “cordova-plugin-cleartext” does not seem to do anything even though your Troubleshooting guide states otherwise. I also tried to play with some of the Content Security Policy settings but to no avail.

It appears that I must implement https: on my Local Web Server (even for testing) and then on my customers’ Web Servers unless someone can help resolve this issue.

Has anyone else run into this same issue?
Does anyone have a workaround to give me time to implement https Web Servers on my customers’ sites?

Any help or assistance will be greatly appreciated,
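
The mixed-content decision behind the error quoted above can be reproduced outside the WebView to audit an app's endpoints before it fails with "Status = 0". This is an added example, not code from the thread or from VoltBuilder: the function names are hypothetical, the rules are a simplified form of the W3C Mixed Content rules as Chromium-based WebViews are assumed to apply them, and every sample endpoint except the one from the error message is constructed.

```javascript
// Added example (not from the thread): predict whether a WebView page will have
// a request blocked as mixed content. Simplified rule set (assumption): only the
// URL scheme and loopback hosts are considered.

// Loopback hosts count as "potentially trustworthy" even over plain http.
// Note: URL.hostname keeps the brackets on IPv6 literals, e.g. "[::1]".
function isLoopbackHost(hostname) {
  return hostname === 'localhost' ||
    hostname.endsWith('.localhost') ||
    hostname === '[::1]' ||
    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(hostname);
}

function classifyRequest(pageUrl, endpointUrl) {
  const page = new URL(pageUrl);
  const target = new URL(endpointUrl, page); // relative endpoints resolve against the page
  const insecureTarget = target.protocol === 'http:' || target.protocol === 'ws:';

  if (page.protocol !== 'https:') {
    return { url: target.href, blocked: false, reason: 'page itself is not HTTPS' };
  }
  if (!insecureTarget) {
    return { url: target.href, blocked: false, reason: 'endpoint does not use http: or ws:' };
  }
  if (isLoopbackHost(target.hostname)) {
    return { url: target.href, blocked: false, reason: 'loopback host is treated as trustworthy' };
  }
  return { url: target.href, blocked: true, reason: 'insecure endpoint requested from an HTTPS page' };
}

// Audit every endpoint the app calls and return only the ones that will fail.
function findBlockedEndpoints(pageUrl, endpoints) {
  return endpoints.map((e) => classifyRequest(pageUrl, e)).filter((r) => r.blocked);
}

// Constructed sample: the page origin and the first endpoint come from the error
// message in the thread; the remaining endpoints are made up for illustration.
const PAGE = 'https://localhost/index.html';
const SAMPLE_ENDPOINTS = [
  'http://192.168.0.21:8081/SavePhoto?Notice=RP203625&TimeStamp=20220926_221519',
  'https://api.example.test/SavePhoto',
  'http://127.0.0.1:8081/SavePhoto',
  'img/logo.png',
];

for (const r of findBlockedEndpoints(PAGE, SAMPLE_ENDPOINTS)) {
  console.log(`BLOCKED ${r.url}: ${r.reason}`);
}
```

Only the LAN address is reported, which matches the thread: the page is served from `https://localhost`, so a plain-http call to `192.168.0.21` is refused regardless of the app's cleartext settings.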

It’s going to get harder and harder to support unencrypted HTTP in any context.

In production the only real choice is to procure certificates for your customer’s servers. Fortunately this should just require a bit of configuration because Let’s Encrypt provides certificates for free.

In development, a tool like ngrok is invaluable in creating tunnels to local services that not only support HTTPS, but also are available on the internet. There are several alternatives as well.

I’ve taken a look at the plugin you mentioned along with a few alternatives and I don’t expect any would work without modifications to both the plugins and your project. I think your clearest path forward would be to start moving toward using HTTPS.

James,

Thanks for your detailed response. As you suggested, I will move towards implementing HTTPS for my customers. (As this is new to me, I will try to use Let’s Encrypt certificates; if the Customer’s IT departments don’t already have ones of their own.)

As for testing my Android Apps on my local PC, will Let’s Encrypt also install and work or is there something else that I should be using?

Greatly Appreciated,

You won’t be able to use Let’s Encrypt on the local PC. That’s why I suggested using a service such as ngrok. ngrok allows you to create tunnels to local services that not only support HTTPS, but also are available on the internet. There are several alternatives as well.