Android 7.0 introduced Network Security Config to support the use of custom CAs, but how does Cordova support that? I cannot find any hint in the Cordova docs.
The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app.
config.xml is a global configuration file that controls many aspects of a Cordova application's behavior. This platform-agnostic XML file is arranged based on the W3C's Packaged Web Apps (Widgets) specification, and extended to specify core Cordova API features, plugins, and platform-specific settings.
The Cordova configuration file is a mandatory XML file that contains application metadata, and is stored in the root directory of the app. The file is automatically generated when you create a Cordova application.
You can achieve this by adding the edit-config tag to the Android platform in your config.xml. This is supported by Cordova Android Plugin v7.0.
You will need to create the Network Security Config file that you would create for a native Android application using the examples from Google.
Next in the Cordova config.xml you can use the edit-config tag to add the networkSecurityConfig attribute to the Application tag. Then you just need to copy the Network Security Config file as a resource for your application to the res/xml directory.
Here is an example of how this might look in your application's config.xml:

    ...
    <platform name="android">
        <edit-config xmlns:android="http://schemas.android.com/apk/res/android" file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
            <application android:networkSecurityConfig="@xml/network_security_config" />
        </edit-config>
        <resource-file src="network_security_config.xml" target="app/src/main/res/xml/network_security_config.xml" />
    </platform>
    ...
What James answered works, but if you have an application where you can't specify a domain or want to allow cleartext traffic for all domains, we need to set android:usesCleartextTraffic="true" in platforms/android/app/src/main/AndroidManifest.xml in the <application> tag.
This is because in Android P (version 9, API level 28), cleartext support is disabled by default. To achieve this, just add the following in your config.xml inside <platform name="android">:
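    <!-- The android: prefix must be bound, here or on the root <widget> element -->
    <edit-config xmlns:android="http://schemas.android.com/apk/res/android" file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application">
        <application android:usesCleartextTraffic="true" />
    </edit-config>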
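
An added example, not taken from either answer above: a network_security_config.xml of the kind the first answer says to create, which also covers the case where the hosts needing cleartext are known, so cleartext can be scoped to them rather than enabled app-wide. The host names api.example.com and legacy.example.com and the resource name my_ca are placeholders; the CA certificate file would need its own resource-file entry targeting app/src/main/res/raw/.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example: host names and @raw/my_ca are placeholders. -->
<network-security-config>

    <!-- Default for every host not matched below:
         no cleartext HTTP, and only the system CA store is trusted. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Trust the custom CA, but only for this host and its subdomains.
         Because "system" is not listed here, certificates issued by
         public CAs are rejected for this host. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <!-- PEM or DER certificate stored as res/raw/my_ca -->
            <certificates src="@raw/my_ca" />
        </trust-anchors>
    </domain-config>

    <!-- Permit cleartext HTTP for one known host only,
         leaving every other host on the HTTPS-only default. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">legacy.example.com</domain>
    </domain-config>

</network-security-config>
```

On Android 7.0 (API level 24) and above, android:usesCleartextTraffic is ignored when a Network Security Config is present, so the cleartextTrafficPermitted values in this file decide the behaviour if both attributes are set.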