“I upgraded to Android P and my React Native won’t connect to my computer to download index.delta anymore” or “CLEARTEXT communication not permitted by network security policy”

Published in

Astrocoders

2 min readMar 5, 2019

Android changed the security policy for HTTP communication requiring you to connect to HTTPS by default. Though it’s possible to configure your localhost to serve HTTPS, let’s do it in the easier way:

Just a reminder that this was already included in the default boilerplate of the latest React Native release so if you are starting fresh this is not necessary

If you are not using flavors

Create a debug/res/xml/network_security_config.xml with the following content:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

2. Create a debug/AndroidManifest.xml with

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"><uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/><application tools:targetApi="28" tools:ignore="GoogleAppIndexingWarning" android:networkSecurityConfig="@xml/network_security_config" />
</manifest>

If you are using flavors

development here is just the flavor I’m used to use.

Create development/res/xml/network_security_config.xml, where development is the name of your development flavor, with the following content:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

2. Create development/AndroidManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"><uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/><application tools:targetApi="28" tools:ignore="GoogleAppIndexingWarning" android:networkSecurityConfig="@xml/network_security_config" />
</manifest>

Please, only use this for development purposes. Do not ship apps in 2019 that don’t use HTTPS for server communication.

Gabriel Rubens Abreu, CTO at Astrocoders, OCaml and Node financial software consulting from outer space. We’re hiring.

“I upgraded to Android P and my React Native won’t connect to my computer to download index.delta anymore” or “CLEARTEXT communication not permitted by network security policy”

If you are not using flavors

If you are using flavors

Written by Gabriel Rubens Abreu