Tech With Sam

Tech With Sam

Solving the new HTTPS requirements in Flutter

Solving the new HTTPS requirements in Flutter

Subscribe to my newsletter and never miss my upcoming articles

The new beta includes some unexpected surprises

Since this morning, after updating my Flutter beta install, it has been refusing to load any resources from HTTP with this error:

Unhandled error Bad
state: Insecure HTTP is not allowed by the platform

If you’re here because you’ve been furiously Googling a fix, and you don’t care why it’s broken, and you just want it fixed, here’s what you can do:

  1. Navigate to your project
  2. Go to yourapp\android\app\src\debug\AndroidManifest.xml
  3. Add this line
<application android:usesCleartextTraffic="true">
</application>

4. Build your debug app and deploy it to your device of choice. It should work now.

Why is this happening?

Since a change in dart_sdk last month, outbound connections are checked to see if they are permitted to occur in plaintext HTTP. The commit that includes this change can be seen here. To be precise, this is the particular lines that are causing us grief:

Image for post

The check that is failing for us, is the check for isInsecureConnectionAllowed . The API documentation for how that function works is here, but basically, it allows localhost connections but not the 10.0.2.2 connection that your Android Emulator uses to connect to your local computer. The only way this is permitted is if your application specifically requests to use cleartext HTTP connections. When we update the debug AndroidManifest.xml , our debug builds are specifically allowed to use plaintext traffic, but our release builds have the same HTTPS requirement.

If you ask me, cleartext HTTP should be fine in debug settings, but should obviously fail in a release. The only reason why I think this is because it is very difficult to install SSL CA root certificates on an Android Emulator and use HTTPS in development, and the benefit is that your local traffic is encrypted. This should only ever be fake data, so transmitting this over HTTP locally isn’t that big a deal (to me anyway, your thoughts may differ).

If there are steps for iOS on how to resolve this I will update this article. Until then, happy Fluttering!

Image for post

🔗 Social Media / Let's Connect 🔗 ==> Github | Twitter | Youtube | WhatsApp | LinkedIn | Patreon | Facebook.

Join the Flutter Dev Community 👨‍💻👨‍💻 ==> Facebook | Telegram | WhatsApp | Signal.

Subscribe to my Telegram channel | Youtube channel | and also to hashnode newsletter in the input box above 👆👆. Thanks

Happy Fluttering 🥰👨‍💻

 
Share this
Proudly part of