If your code tries to open an insecure socket to a host on iOS or Android,
SocketException is now thrown with the following message:
Insecure socket connections are disallowed by platform: <host>
With this change Flutter also disables insecure connections on mobile platforms. Other platforms (desktop, web, etc) are not affected.
You can override this behavior by following the platform-specific guidelines to define a domain-specific network policy. See migration guide below for details.
On iOS, you can add NSExceptionDomains to your application’s Info.plist.
On Android, you can add a network security config XML.
For Flutter to find your XML file, you need to also add a
metadata entry to the
<application> tag in your manifest.
This metadata entry should carry the name:
and should contain the resource identifier of the XML.
For instance, if you put your XML configuration under
res/xml/network_security_config.xml, your manifest would contain:
<application ...> ... <meta-data android:name="io.flutter.network-policy" android:resource="@xml/network_security_config"/> </application>
- Build time configuration is the only way to change network policy. It cannot be modified at runtime.
- Localhost connections are always allowed.
- You can allow insecure connections only to domains. Specific IP addresses are not accepted as input. This is in line with what platforms support.
Landed in version: 1.22
In stable release: not yet
API documentation: There’s no API for this change since the modification to network policy is done via platform specific configuration as detailed above.