search

stripe / stripe-android

Stripe Android SDK
https://stripe.com/docs/mobile/android
MIT License
1.23k stars 628 forks source link

Enforce HTTPs for all network requests. #8684

Closed jaynewstrom-stripe closed 5 days ago

jaynewstrom-stripe commented 5 days ago

This is more or less a manual revert of #4851.

Summary

This functionality is no longer needed, as the reason it was introduced has since changed.

github-actions[bot] commented 5 days ago

Diffuse output:

OLD: paymentsheet-example-release-master.apk (signature: V1, V2)
NEW: paymentsheet-example-release-pr.apk (signature: V1, V2)

          │          compressed           │         uncompressed          
          ├───────────┬───────────┬───────┼───────────┬───────────┬───────
 APK      │ old       │ new       │ diff  │ old       │ new       │ diff  
──────────┼───────────┼───────────┼───────┼───────────┼───────────┼───────
      dex │     4 MiB │     4 MiB │  -4 B │   8.7 MiB │   8.7 MiB │ +20 B 
     arsc │   2.3 MiB │   2.3 MiB │   0 B │   2.3 MiB │   2.3 MiB │   0 B 
 manifest │   5.1 KiB │   5.1 KiB │   0 B │  25.6 KiB │  25.6 KiB │   0 B 
      res │ 918.5 KiB │ 918.5 KiB │   0 B │   1.5 MiB │   1.5 MiB │   0 B 
   native │   2.6 MiB │   2.6 MiB │   0 B │     6 MiB │     6 MiB │   0 B 
    asset │   2.9 MiB │   2.9 MiB │  -1 B │   2.9 MiB │   2.9 MiB │  -1 B 
    other │   195 KiB │   195 KiB │  -8 B │ 428.4 KiB │ 428.4 KiB │   0 B 
──────────┼───────────┼───────────┼───────┼───────────┼───────────┼───────
    total │  12.8 MiB │  12.8 MiB │ -13 B │  21.8 MiB │  21.8 MiB │ +19 B 

 DEX     │ old   │ new   │ diff      
─────────┼───────┼───────┼───────────
   files │     1 │     1 │ 0         
 strings │ 43507 │ 43507 │ 0 (+1 -1) 
   types │ 14958 │ 14958 │ 0 (+0 -0) 
 classes │ 12642 │ 12642 │ 0 (+0 -0) 
 methods │ 61906 │ 61906 │ 0 (+1 -1) 
  fields │ 40832 │ 40832 │ 0 (+1 -1) 

 ARSC    │ old  │ new  │ diff 
─────────┼──────┼──────┼──────
 configs │  242 │  242 │  0   
 entries │ 6043 │ 6043 │  0
APK ``` compressed │ uncompressed │ ──────────┬───────┼───────────┬───────┤ size │ diff │ size │ diff │ path ──────────┼───────┼───────────┼───────┼─────────────────────────────────────────── 52.9 KiB │ -5 B │ 117.2 KiB │ 0 B │ ∆ META-INF/CERT.SF 4 MiB │ -4 B │ 8.7 MiB │ +20 B │ ∆ classes.dex 49.6 KiB │ -3 B │ 117.1 KiB │ 0 B │ ∆ META-INF/MANIFEST.MF 271 B │ -1 B │ 120 B │ 0 B │ ∆ META-INF/version-control-info.textproto 7.4 KiB │ -1 B │ 7.2 KiB │ -1 B │ ∆ assets/dexopt/baseline.prof 1.2 KiB │ +1 B │ 1.2 KiB │ 0 B │ ∆ META-INF/CERT.RSA ──────────┼───────┼───────────┼───────┼─────────────────────────────────────────── 4.1 MiB │ -13 B │ 9 MiB │ +19 B │ (total) ```
DEX ``` STRINGS: old │ new │ diff ───────┼───────┼─────────── 43507 │ 43507 │ 0 (+1 -1) + ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:2c29aa1,r8-mode:full,version:8.3.37} - ~~R8{backend:dex,compilation-mode:release,has-checksums:false,min-api:21,pg-map-id:e6db348,r8-mode:full,version:8.3.37} METHODS: old │ new │ diff ───────┼───────┼─────────── 61906 │ 61906 │ 0 (+1 -1) + T4.T (HttpsURLConnection) - T4.T (HttpURLConnection) FIELDS: old │ new │ diff ───────┼───────┼─────────── 40832 │ 40832 │ 0 (+1 -1) + T4.T S: HttpsURLConnection - T4.T S: HttpURLConnection ```
amk-stripe commented 5 days ago

Do we also need to update the manifest?

jaynewstrom-stripe commented 5 days ago

Manifest change was reverted here @amk-stripe https://github.com/stripe/stripe-android/pull/8683