Complete

over 4 years ago

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working, it looks like Android Garmin connect app version 4.20 may have broken web request to local host via urls like http://127.0.0.1:17580/sgv.json?count=3

Horsetooth

Parents

akamming over 4 years ago in reply to Brandon.ConnectIQ

Brandon,

the fix which has been made is a change the se, becurity_config_xml to

<?xml version="1.0" encoding="UTF-8"?>

-<network-security-config>

-<debug-overrides>

-<trust-anchors>

<certificates src="user"/>

</trust-anchors>

</debug-overrides>

-<domain-config cleartextTrafficPermitted="true">

<domain includeSubdomains="true">garmin.com</domain>

<domain includeSubdomains="true">garmin.cn</domain>

<domain includeSubdomains="true">garmincdn.com</domain>

<domain includeSubdomains="true">kklian.net</domain>

<domain includeSubdomains="true">strava.com</domain>

<domain includeSubdomains="true">127.0.0.1</domain>

</domain-config>

</network-security-config>

however as stated before in this thread: If you change to

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>

all uses cases in this thread are fixed, because HTTP is allowed again. This is supported by Google (https://developer.android.com/training/articles/security-config), see section <base config>

can you please reconsider your solution?
- Cancel
- Up 0 Down
- More
- Cancel

Comment

akamming over 4 years ago in reply to Brandon.ConnectIQ

Brandon,

the fix which has been made is a change the se, becurity_config_xml to

<?xml version="1.0" encoding="UTF-8"?>

-<network-security-config>

-<debug-overrides>

-<trust-anchors>

<certificates src="user"/>

</trust-anchors>

</debug-overrides>

-<domain-config cleartextTrafficPermitted="true">

<domain includeSubdomains="true">garmin.com</domain>

<domain includeSubdomains="true">garmin.cn</domain>

<domain includeSubdomains="true">garmincdn.com</domain>

<domain includeSubdomains="true">kklian.net</domain>

<domain includeSubdomains="true">strava.com</domain>

<domain includeSubdomains="true">127.0.0.1</domain>

</domain-config>

</network-security-config>

however as stated before in this thread: If you change to

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>

all uses cases in this thread are fixed, because HTTP is allowed again. This is supported by Google (https://developer.android.com/training/articles/security-config), see section <base config>

can you please reconsider your solution?
- Cancel
- Up 0 Down
- More
- Cancel

Children

akamming over 4 years ago in reply to Horsetooth

Totally agree. That's exactly what's happening here.
- Cancel
- Up 0 Down
- More
- Cancel
Horsetooth over 4 years ago in reply to akamming

I don't have any skin in the non localhost issue, but if I understand you find right,I it very concerning that Garmin thinks it's ok to allow http traffic to their own domains but doesn't think anyone else should be using it.
- Cancel
- Up +1 Down
- More
- Cancel