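<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!--
    ⚠️ DEVELOPMENT ONLY - Remove cleartext traffic before production release ⚠️

    This configuration allows HTTP (cleartext) traffic to localhost and local IPs
    for development purposes only. In production, ALL traffic should use HTTPS.

    TODO: Use build flavors (dev/prod) to separate network configs
    TODO: Remove this file entirely for production builds
    TODO: Ensure production API uses HTTPS only

    Security Risk: Cleartext traffic can be intercepted and modified by attackers.
    This is ONLY acceptable for local development against localhost.

    NOTE(review): this file only takes effect when the application manifest
    references it through android:networkSecurityConfig. Confirm that reference
    exists for debug builds only (for example via a debug source set), so the
    cleartext exceptions below cannot ship in a release artifact.
    -->

    <!--
    Deny cleartext for every destination not listed below. Apps that target
    API level 27 or lower permit cleartext by default, so the default is stated
    explicitly here instead of depending on targetSdkVersion.
    -->
    <base-config cleartextTrafficPermitted="false" />

    <domain-config cleartextTrafficPermitted="true">
        <!-- Local development addresses only -->
        <!--
        192.168.1.7 is a LAN host, not loopback: HTTP sent to it crosses the
        local network and can be read or altered by other devices on that
        network. TODO(review): confirm this is a developer machine, and prefer
        a per-developer override over a hard-coded address.

        includeSubdomains is false on the IP literals because an IP address has
        no subdomains; the attribute only widens matching for host names.
        -->
        <domain includeSubdomains="false">192.168.1.7</domain>
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="false">127.0.0.1</domain>
        <!-- Android emulator alias for the host machine's loopback interface -->
        <domain includeSubdomains="false">10.0.2.2</domain>
    </domain-config>
</network-security-config>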