philpx32 commented on issue #43: URL: https://github.com/apache/cordova-plugin-whitelist/issues/43#issuecomment-683410714
> Hi! I have good news! > > After searching all day on internet I found a solution for this problem. > > All you have to do is include on AndroidManifest.xml the following key-pair-value on the application tag: > > android:usesCleartextTraffic="true" > > On API 28 this attribute is set false for default(for security reasons), in previous Android API is was true. > > As follow in Google documentation: > > android:usesCleartextTraffic > Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". > When the attribute is set to "false", platform components (for example, HTTP and FTP stacks, DownloadManager, and MediaPlayer) will refuse the app's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well. The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected. > > So, I think the apache cordova could anticipating this information for developers... And the most important is to update the whitelist plugin with this information. @willianslash Damn, it worked like a charm. Thanks abunch ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
