I need some help with a new manifest/security configuration.
I was just updating a live android app and I saw that there was a warning on the existing store app.
The warning is as follows:
Now, I only use http when developing on my local machine (to connect to a WSL2 Ubuntu instance) when I release the live app, all calls are HTTPS.
However, this means that I do have
CreateResourceFromFile(Macro, Core.NetworkClearText)
in the manifest.
The survey basically asks you if you know how to convert your app from http to https. (which is already is when running against production servers)
This page :
https://developer.android.com/training/articles/security-config
talks about how to limit the cleartext to only certain domains.
I think it should be in the manifest file:
<application android:networkSecurityConfig="@xml/network_security_config" >
</application>
In the security config file, which is an XML file somewhere, it should be something like:
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">http://localipdomain</domain>
</domain-config>
</network-security-config>
Can anyone help me setting this up?
Thanks