Open odrevet opened 3 years ago
I used the android:usesCleartextTraffic="true" manifest approach to solve this issue on Android 11. This isn't really a just_audio bug but related to how it cleverly creates an internal proxy to send headers and the proxy itself is using http not https.
Oh, that's interesting. My assumption was that using HTTP within the same device would be safe from snooping, and I guess that's true on an unrooted phone.
After checking the SDK, there is an API to create an HTTPS server (SecureServerSocket) which I should probably use.
There is also HttpServer.bindSecure
. I think the issue here will be that iOS doesn't work well with self-signed server certificates:
For apps where security is a relevant concern, I may look into another solution for headers described here:
https://exceptionshub.com/send-headers-with-avplayer-request-in-ios.html
I have avoided using the private API since that may get your app rejected. The two alternatives proposed were to use a proxy (the current solution adopted by just_audio) or a resourceLoader delegate, which may be the right direction to go in.
To Reproduce Steps to reproduce the behavior:
On an android 10 (possibly 9), call to AudioPlayer setUrl function will throw an error if the headers parameter is set, even with an empty map {}.
Error messages
Smartphone (please complete the following information):
Flutter SDK version
Additional context There where no issu on Android 8. So I believe this error is thrown due to new security restrictions. I fixed the problem by adding 127.0.0.1 in a
network_security_config.xml
as explained at https://stackoverflow.com/questions/45940861/android-8-cleartext-http-traffic-not-permitted Please check how just_audio use the localhost adress to prevent this exception on modern android devices.BR