fix: allow cleartext traffic

[RohitKushvaha01]

No description provided.

[greptile-apps]

Greptile Summary

This PR attempts to enable cleartext (HTTP) traffic in the Acode Android app by adding android:usesCleartextTraffic="true" to the manifest and cleaning up the network_security_config.xml. It also fixes the <edit-config> target path from AndroidManifest.xml to app/src/main/AndroidManifest.xml for consistency with the rest of the config.

Key observations:

• The <base-config cleartextTrafficPermitted="true"> was already present in network_security_config.xml before this PR, meaning cleartext traffic was already globally permitted. The new android:usesCleartextTraffic="true" manifest flag is redundant on API 24+ where the network security config takes precedence.
• The removed <domain-config> block contained an invalid wildcard domain (*), which is not supported by Android's network security config — so its removal is a cleanup, not a loss of functionality.
• The <edit-config> path fix (app/src/main/AndroidManifest.xml) aligns the application block with the activity block already using that path, which is the correct Cordova project layout path.
• A trailing newline is missing at the end of network_security_config.xml.

Confidence Score: 5/5

Safe to merge — all remaining findings are minor style suggestions with no impact on correctness or security posture.

The actual security posture is unchanged from before this PR since base-config cleartextTrafficPermitted="true" was already in place. The new manifest flag is redundant but harmless. The only open findings are a redundant attribute (P2) and a missing EOF newline (P2), neither of which blocks merging.

No files require special attention.

Important Files Changed

Filename	Overview
config.xml	Refactors <edit-config> to use the explicit app/src/main/AndroidManifest.xml path, splits attributes into separate <application> elements, and adds the redundant android:usesCleartextTraffic="true" flag (cleartext is already globally allowed via the network security config's base-config).
res/android/xml/network_security_config.xml	Removes the <domain-config> block (which included an invalid wildcard * domain and localhost); the existing <base-config cleartextTrafficPermitted="true"> was already permitting cleartext globally, so the net security posture is unchanged. Missing trailing newline at EOF.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[HTTP Request from App] --> B{API Level?}
    B -->|API 24+| C[Network Security Config evaluated]
    B -->|API < 24| D[android:usesCleartextTraffic flag]
    C --> E{base-config\ncleartextTrafficPermitted=true}
    E -->|All domains| F[✅ Cleartext Allowed]
    D -->|usesCleartextTraffic=true| F
    F --> G[HTTP traffic proceeds]

Loading

_{Reviews (4): Last reviewed commit: "." | Re-trigger Greptile}

[RohitKushvaha01]

@greptileai

[RohitKushvaha01]

@greptileai

[github-actions]

Preview Release for this, has been built.

Click here to view that github actions build

[bajrangCoder]

Removing this can cause something maybe security related, there was something happened in past

[bajrangCoder]

I mean check that area 🤔