Connect version 4.20 broke local http access?

I just received Connect 4.21 on my android device and it looks like it does not solve this problem yet.

Nice to have:

Another use-case outside the localhost, would be my HiFi receiver. It can be controlled by webrequests easily. But off course I cannot install a certificate on it!

Currently I got an ESP32 running, to do that. It would be nice to enter my home after a tough run, start my music with a single touch and go under the shower.

It is very uncommon for a lot of devices to use SSL in a local network at home.

Just to add my usecase to this as I, too, am being impacted.

My app, GarmPro Remote (https://apps.garmin.com/en-US/apps/8ac815d0-c476-4abd-8f29-98da8e7aac3c) sends http POST commands to a gopro that is a direct WIFI connection. An example of this request for a JSON response would be: http://10.5.5.9/gp/gpControl/status. There is not https equivalent of this interface unfortunately. 

Just to add my two ha'porth.

One of my use cases is a set of REST calls from an FR935 to a server on my home network that does not support https:// and the code of which is not in my control. 

After the https:// requirement hardened I had to introduce a whole managed Comm layer on the watch and a complete Android companion application in order to get the requests from the watch to the server. What had been a straightforward and relatively timely makeWebRequest() became a fraught mini-protocol with a path length a couple of orders of magnitude longer and slower.  

It is my understanding that this is really all down to Apple, long before Google and Garmin.

Even if - and I know it is purely hypothetical and will not happen for the reasons others have noted - even if it were possible to establish a trusted certificate chain for home network topologies, why should I have to go begging to an external CA for permission to flow traffic across my own private network ???

</rant>

Since i had some tim today i did some tests

1. Using android studio i created an android app which did a plain HTTP request to a local webserver (in my case http://<ip>adress/script.php and show the output in a textview

2. test this code under SDK 26, 28 and 29

The outcome:

- when using a webview it worked under all SDK's

- when using a stringrequest Under SDK26: works perfectly, under SDK28 and 29 i immediately got a timeout error, just like currently happens in the ConnectIQ apps

So i started studying the official Android documentation (developer.android.com/.../security-config.html) which states that only the defualt changes, but apps who need plainhttp still can use it if they specify it in a network security xml file and i found out there is a very easy fix, which solves all uses cases above

1. Add  android:networkSecurityConfig="@xml/network_security_config" to the Application section in the manifest

2. Create a file res/xml/network_security_config with the following contents:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

I retested and found out the timeout error is gone, my app could do plain HTTP again, also on SDK 28 and 29.

@Garmin developers: Please implement this fix!!!!!!!!!!!!!!!!!!!!!!!