Skip to content

GitLab

F
fenix

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Matthew Finkel@sysrqbMaintainer
Report abuse New issue

Disallow Cleartext Traffic

Fenix allows cleartext traffic:

Indicates whether the app intends to use cleartext network traffic, such as cleartext
HTTP. The default value for apps that target API level 27 or lower is "true". Apps that
target API level 28 or higher default to "false".

When the attribute is set to "false", platform components (for example, HTTP and FTP
stacks, DownloadManager, and MediaPlayer) will refuse the app's requests to use cleartext
traffic. Third-party libraries are strongly encouraged to honor this setting as well. The
key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity,
and protections against tampering; a network attacker can eavesdrop on transmitted data
and also modify it without being detected.

Obviously, this shouldn't have any impact on Tor Browser, but let's set it as false for defense-in-depth.