Domain-Based Cleartext Traffic Permission in Android Applications

What is the problem?

A few days ago, I faced an issue loading some images with the Glide library. As you can guess, the image URLs come from backend services, so I tried to find a common pattern among the failed ones and added a listener to the Glide request to check whether there was any exception during image loading.

Yeah, the root cause was HTTP.

Of course, there are a few ways to solve this issue. For example, you can find your backend developer or system engineer and say to them:

WHAAAAT? Still HTTP in 2021?? Really? But please only say this if you are close enough to them to say it :)

So what did I do about the problem?

For a quick and slightly more secure solution, I prefer to define a domain-based network configuration. To do that, you have to create a network security config file in your app.

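Config res/xml/network_security_config.xml

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Cleartext (HTTP) is permitted only for the domains listed here -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">yourdomain.com</domain>
    </domain-config>
</network-security-config>
```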

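Set `includeSubdomains` and the `yourdomain.com` value to match your needs. Keep the list as narrow as possible, because traffic to these domains is unencrypted and can be read or modified in transit.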

Then you have to reference this new config file in **AndroidManifest.xml**:

Manifest AndroidManifest.xml

```xml
<application
    android:name=".application.App"
    android:label="@string/app_name"
    android:networkSecurityConfig="@xml/network_security_config"
    ...
```

And that's it!
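To check which hosts a config like the one above actually opens to cleartext, the following Python script (an added example, not part of the original post) resolves a hostname against the file using the platform's documented rule that the most specific matching domain wins. The `base-config` line in the sample and the `default=False` fallback (app targets API 28 or higher) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's config plus an explicit base-config default.
SAMPLE_CONFIG = """\
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">yourdomain.com</domain>
    </domain-config>
</network-security-config>
"""


def _flag(elem, inherited):
    """cleartextTrafficPermitted of elem, or the inherited value if unset."""
    value = elem.get("cleartextTrafficPermitted")
    return inherited if value is None else value.strip().lower() == "true"


def domain_rules(config_xml, default=False):
    """Return (base_value, [(domain, include_subdomains, permitted), ...]).

    default=False is an assumption: the app targets API 28+, where cleartext
    is off unless the config turns it on.
    """
    root = ET.fromstring(config_xml)
    base_elem = root.find("base-config")
    base = default if base_elem is None else _flag(base_elem, default)
    rules = []

    def walk(parent, inherited):
        for cfg in parent.findall("domain-config"):
            permitted = _flag(cfg, inherited)  # nested configs inherit from parent
            for dom in cfg.findall("domain"):
                subs = dom.get("includeSubdomains", "false").lower() == "true"
                rules.append(((dom.text or "").strip().lower(), subs, permitted))
            walk(cfg, permitted)

    walk(root, base)
    return base, rules


def cleartext_permitted(config_xml, host, default=False):
    """Resolve cleartext permission for host; the longest matching domain wins."""
    base, rules = domain_rules(config_xml, default)
    host = host.lower().rstrip(".")
    matches = [(len(d), ok) for d, subs, ok in rules
               if host == d or (subs and host.endswith("." + d))]
    return max(matches)[1] if matches else base
```

Running `cleartext_permitted` over the hosts your app actually contacts shows how far `includeSubdomains="true"` widens the exception before the config ships.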

Happy coding :)