I have a specific requirement wherein I have to block all http requests coming from the app, but there is a particular http url which a library uses which I have to whitelist. Tried setting the network_security_config xml as follows but can't load that http url. Have defined the network_security_config xml inside the manifest file as well.
Url is of the format http://abc.xyz.org
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="false" />
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">"abc.xyz.org"</domain>
</domain-config>
</network-security-config>
Is there something I'm missing here.
Create xml/network_security_config file with following domain rule.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!-- As you want to pass domain-specific traffic -->
<domain-config cleartextTrafficPermitted="true">
<!-- Add your specific domain you want to pass without https -->
<domain includeSubdomains="true">abc.xyz.org</domain>
</domain-config>
</network-security-config>
Add Network Security Config in Manifest:
<application android:label="your App Name" android:icon="@drawable/icon" android:networkSecurityConfig="@xml/network_security_config">