-
-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Capacitor/Android - usesCleartextTraffic attribute is always true in the AndroidManifest.xml file #17219
Comments
It was introduced ~4.5 years ago in this commit: 3d894c7 If the app is working fine with it set to |
During development this attribute must be But in production environment there are not a web server been requested, so the attribute could be perfectly
|
Any updated of this? @yusufkandemir |
To avoid introducing potential breaking changes, Although it should not be too hard, I don't have any bandwidth to design, implement, and test this API. If you want to contribute this, that would be great. |
…is always true in the AndroidManifest.xml file #17219
… always true in the AndroidManifest.xml file #17219
…is always true in the AndroidManifest.xml file #17219
… always true in the AndroidManifest.xml file #17219
…te is always true in the AndroidManifest.xml file #17219
… is always true in the AndroidManifest.xml file #17219
…te is always true in the AndroidManifest.xml file #17219
… is always true in the AndroidManifest.xml file #17219
Fix will be available in:
Cleartext should have never been left activated for production builds. |
The releases are now available. |
What happened?
My team has developed a web app using Quasar + Capacitor and when the app is built for Android target its produce an
AndroidManifext.xml
file with this property:For security reasons, we are not allowed to deliver an application with this flag set
true
, so we try to set it tofalse
directly in theAndroidManifest.xml
but we noticed during the building that this property is always overrided totrue
, after some research I found this code from Quasar codebase:quasar/app-webpack/lib/utils/fix-android-cleartext.js
Lines 1 to 23 in 30c836a
By the moment, we commented this code directly in the node_modules package, but I would like to know the reason of this flag is always set
true
, I think this option should be configured somewhere in thequasar.config.js
so in case like ours we could disable it easily.PD: Sorry if we don't share a valid reproduction URL, but since capacitor requires AndroidStudio installed in the machine we can't share a Codepen or similar.
What did you expect to happen?
To have an option or configuration where we could config that
CleartextTraffic
attribute.Reproduction URL
https://stackblitz.com/edit/quasarframework-dqtgyx
How to reproduce?
quasar build -m capacitor -T android
AndroidManifest.xml
generated has theusesCleartextTraffic=true
attributeFlavour
Quasar CLI with Webpack (@quasar/cli | @quasar/app-webpack)
Areas
Quasar CLI Commands/Configuration (@quasar/cli | @quasar/app-webpack | @quasar/app-vite), Capacitor Mode
Platforms/Browsers
No response
Quasar info output
Relevant log output
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: