[Android] Android 9 can not access bundler via cleartext request without additional config #22375
Comments
react-native-bot
added
Tech: Bundler 📦
|
sorry @TikiTDO but can you provide an example of a working |
|
@meatwallace I'm using the block almost verbatim from the example: <?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">localhost</domain>
</domain-config>
</network-security-config>Obviously this will only work if you're connecting using USB, and using |
|
For localhost development these are the domains that we put in our debug app in src/debug/res/xml/network_security_config.xml <domain includeSubdomains="false">localhost</domain>
<domain includeSubdomains="false">10.0.2.2</domain>
<domain includeSubdomains="false">10.0.3.2</domain>It's based on |
|
where is the network_security_config.xml? my apk don't have this !!! @TikiTDO |
|
@iamdurui You create it. |
|
Came across this issue today, I used a one-liner to work around this for now; Added Though adding a Have pushed up a PR that adds the network security config as part of RN |
|
Thanks to @Salakar's PR this will be fixed in RN soon :) |
Summary: This fixes #22375. Android API level 28 and above now blocks all [clear text requests](https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted) unless a network configuration rule is added to exclude it specifically. The packager falls into this category and therefore gets blocked; resulting in the app being unable to connect to it. Domains/IPs for the config have been taken from [here](https://github.com/facebook/react-native/blob/master/ReactAndroid/src/main/java/com/facebook/react/modules/systeminfo/AndroidInfoHelpers.java#L20-L22). This change only adds to DevSupport android resources - so won't affect builds without DevSupport, e.g. release builds. Changelog: ---------- [ANDROID] [DevSupport] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes #22375) Pull Request resolved: #23105 Differential Revision: D13781516 Pulled By: cpojer fbshipit-source-id: f7574f3e1b0fe6984efe1d0598ef631385c245bc
|
@Salakar How is devsupport files filtered out of release builds, I cannot find such information. RN only releases one AAR file, not for debug and release separately. Also as far as I know having this XML file alone does not do anything, the application needs to point to it in AndroidManifest.xml through: <application android:networkSecurityConfig="@xml/network_security_config" ... >Did you confirm your commit fixes the issue in debug build and does not make localhost usable in relase builds? If it doesn't work, maybe we can move the file into template/android/app/src/debug folder path. |
…book#23105)" This reverts commit 9f14ac2
…23135) Summary: This is a follow-up PR for #23105 - as mentioned on discord. --- This PR applies the network security config for the RN template project only. New RN projects started with the updated template will be able to connect to the packager on builds built with Android API 28 & above. See https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted for more information about this newly required config, specifically:  Changelog: ---------- [ANDROID] [Template] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes #22375) Pull Request resolved: #23135 Differential Revision: D13917058 Pulled By: cpojer fbshipit-source-id: 0e66f2cde712c1285d217e3625b73028c3770b65
Summary: This fixes facebook#22375. Android API level 28 and above now blocks all [clear text requests](https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted) unless a network configuration rule is added to exclude it specifically. The packager falls into this category and therefore gets blocked; resulting in the app being unable to connect to it. Domains/IPs for the config have been taken from [here](https://github.com/facebook/react-native/blob/master/ReactAndroid/src/main/java/com/facebook/react/modules/systeminfo/AndroidInfoHelpers.java#L20-L22). This change only adds to DevSupport android resources - so won't affect builds without DevSupport, e.g. release builds. Changelog: ---------- [ANDROID] [DevSupport] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes facebook#22375) Pull Request resolved: facebook#23105 Differential Revision: D13781516 Pulled By: cpojer fbshipit-source-id: f7574f3e1b0fe6984efe1d0598ef631385c245bc
…acebook#23105) (facebook#23135) Summary: This is a follow-up PR for facebook#23105 - as mentioned on discord. --- This PR applies the network security config for the RN template project only. New RN projects started with the updated template will be able to connect to the packager on builds built with Android API 28 & above. See https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted for more information about this newly required config, specifically:  Changelog: ---------- [ANDROID] [Template] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes facebook#22375) Pull Request resolved: facebook#23135 Differential Revision: D13917058 Pulled By: cpojer fbshipit-source-id: 0e66f2cde712c1285d217e3625b73028c3770b65
…23135) Summary: This is a follow-up PR for #23105 - as mentioned on discord. --- This PR applies the network security config for the RN template project only. New RN projects started with the updated template will be able to connect to the packager on builds built with Android API 28 & above. See https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted for more information about this newly required config, specifically:  Changelog: ---------- [ANDROID] [Template] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes #22375) Pull Request resolved: #23135 Differential Revision: D13917058 Pulled By: cpojer fbshipit-source-id: 0e66f2cde712c1285d217e3625b73028c3770b65
|
@Salakar 's workaround worked right away on my MI8 with android 9. Thanks 👍 |
|
Well, we iterated on Salakar's work, accidentally broke it, and fixed it again. But by at this point in 0.59.0-rc.2 this should be completely fixed. |
|
|
Summary: This fixes facebook#22375. Android API level 28 and above now blocks all [clear text requests](https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted) unless a network configuration rule is added to exclude it specifically. The packager falls into this category and therefore gets blocked; resulting in the app being unable to connect to it. Domains/IPs for the config have been taken from [here](https://github.com/facebook/react-native/blob/master/ReactAndroid/src/main/java/com/facebook/react/modules/systeminfo/AndroidInfoHelpers.java#L20-L22). This change only adds to DevSupport android resources - so won't affect builds without DevSupport, e.g. release builds. Changelog: ---------- [ANDROID] [DevSupport] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes facebook#22375) Pull Request resolved: facebook#23105 Differential Revision: D13781516 Pulled By: cpojer fbshipit-source-id: f7574f3e1b0fe6984efe1d0598ef631385c245bc
…acebook#23105) (facebook#23135) Summary: This is a follow-up PR for facebook#23105 - as mentioned on discord. --- This PR applies the network security config for the RN template project only. New RN projects started with the updated template will be able to connect to the packager on builds built with Android API 28 & above. See https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted for more information about this newly required config, specifically:  Changelog: ---------- [ANDROID] [Template] add Network Security Config file to allow access to packager via cleartext requests in Android API 28 and above. (fixes facebook#22375) Pull Request resolved: facebook#23135 Differential Revision: D13917058 Pulled By: cpojer fbshipit-source-id: 0e66f2cde712c1285d217e3625b73028c3770b65
thankz buddy you save my day |
|
Just a heads up for people that have existing RN projects and just started targeting API level 28, to apply the whitelist for debug builds only:
edit: updated wrong application attribute |
|
@aryo, thanks. Was wondering how to do this myself and found little documentation. |
ℹThere were couple workarounds, but the final solution is documented here:https://facebook.github.io/react-native/docs/integration-with-existing-apps#cleartext-traffic-api-level-28 |
|
Please note that presence of |
Android api level 28+ seems to not allow http traffic by default. This breaks react-native debugging that relies on fetching artifacts over http for quick iteration. See react native github isse facebook/react-native#22375 for more details.
Environment
Description
As of Android 9 (API Level 28), the default behavior is to now block all clear text requests, unless a domain is specifically configured to allow this behavior. As a result the bundler URL is not reachable in development mode, with a generic error that offers no context to what the problem could be, or what solutions are available.
The issue is fairly trivial to resolve once the root cause is apparent, but getting to that root cause can take a bit of searching.
Reproducible Demo
Start a
react-nativeapp on an Android 9 devices (I only tested physical device), in development mode. The app will not start, and will complain that the bundle can not be fetched.The text was updated successfully, but these errors were encountered: