Open TaTo30 opened 3 months ago
It was introduced ~4.5 years ago in this commit: https://github.com/quasarframework/quasar/commit/3d894c79d14f6469d78e1f8b0802909e8a758400 I think it stems from this issue: https://github.com/ionic-team/capacitor/issues/2118
If the app is working fine with it set to false
(or left unspecified), both when the dev server is using HTTP and HTTPS, then we can remove that fix. Please let us know the behavior under different scenarios. If it's still needed most of the time, we will provide a way to disable this fix, instead of removing it.
During development this attribute must be true
, so the web server can be requested by the client, otherwise, ERR_CLEARTEXT_NOT_PERMITTED error will throw out.
But in production environment there are not a web server been requested, so the attribute could be perfectly false
. What about do something like this:
usesCleartextTraffic="true"
, when the project is in development (quasar dev
)usesCleartextTraffic="false"
, when building (quasar build
)quasar.config
thoughAny updated of this? @yusufkandemir
To avoid introducing potential breaking changes, usesCleartextTraffic
should still be true in production unless specified otherwise. So, we can add an option to quasar.config file > capacitor
to be able to turn it off in production when needed.
Although it should not be too hard, I don't have any bandwidth to design, implement, and test this API. If you want to contribute this, that would be great.
What happened?
My team has developed a web app using Quasar + Capacitor and when the app is built for Android target its produce an
AndroidManifext.xml
file with this property:For security reasons, we are not allowed to deliver an application with this flag set
true
, so we try to set it tofalse
directly in theAndroidManifest.xml
but we noticed during the building that this property is always overrided totrue
, after some research I found this code from Quasar codebase:https://github.com/quasarframework/quasar/blob/30c836a7dc60ca148240f4f89169551d0745b524/app-webpack/lib/utils/fix-android-cleartext.js#L1-L23
By the moment, we commented this code directly in the node_modules package, but I would like to know the reason of this flag is always set
true
, I think this option should be configured somewhere in thequasar.config.js
so in case like ours we could disable it easily.PD: Sorry if we don't share a valid reproduction URL, but since capacitor requires AndroidStudio installed in the machine we can't share a Codepen or similar.
What did you expect to happen?
To have an option or configuration where we could config that
CleartextTraffic
attribute.Reproduction URL
https://stackblitz.com/edit/quasarframework-dqtgyx
How to reproduce?
quasar build -m capacitor -T android
AndroidManifest.xml
generated has theusesCleartextTraffic=true
attributeFlavour
Quasar CLI with Webpack (@quasar/cli | @quasar/app-webpack)
Areas
Quasar CLI Commands/Configuration (@quasar/cli | @quasar/app-webpack | @quasar/app-vite), Capacitor Mode
Platforms/Browsers
No response
Quasar info output
Relevant log output
No response
Additional context
No response