HTTP/S does not work in Android release build

Hey guys,

I built an app using the $http service which works nice in debug mode.
However, when I build a release and run it on Android none of the requests work (neither HTTP nor HTTPS).
What I did so far:

  1. whitelist plugin reinstalled
  2. put into config.xml: <access origin="*" subdomains="true" /><allow-navigation href="https://*/*" /><allow-navigation href="data:*" />
  3. added to index.html: <meta http-equiv="Content-Security-Policy" content="default-src 'self' https: ; style-src 'self' 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ">
  4. Added ng-csp to <body> tag
  5. made sure the HTTPS works fine (via

What could I have missed? Spent lots of time reading and trying, but no success to this point :-/


Did you try to run it in device like “ionic run android”?

Sure, as I wrote debug mode works. Only after “ionic build --release android” all http/s requests fail.

are you using self signed certificates? If so, you either need to make changes to or use some plugins. I had a custom version of SystemWebViewClient to enable SSL to work with untrusted certs, but crosswalk uses other files, so I landed up just switching between two different plugins based on which build I was creating (with or without xwalk)

1 Like

Thank you. The certificate is by Let’s Encrypt and ssllabs or Chrome browser did not find any problems.
What I find most strange is, that even HTTP (without S) does not work, the .error(function(data) { … }) gives me undefined for data :-/
I tried the crosswalk plugin without success, only the HTTPS requests seem to take much longer until I get to see the error message.

Any more ideas?
Is there a way to debug this in a release build?

same my app. I test on browser so cool faster and post service work done.but when i build on device perfomance so slow and my button for post json not work.I tried alert pop up in method for show any event handling but not anything. another solution I reinstall cordova whitelist,edit config.xml–> ,edit index.html same you and add getbutton(http.get)and alert for it works but post button not work.

cordova :6.2
node :6.2
Ionic Version: 2.0.0-beta 8

If neither HTTP nor HTTPS are working, the chances are very high its a Content Security Policy issue.
Can you try using this one, verbatim and see what happens?

And then try a simple $http.get

1 Like

Thank you, now it works with HTTP and So I’m guessing it is a self-signed cert issue. But the certificate got rated A+ by :unamused: Is it possible that the Ionic library does not accept Let’s Encrypt yet?

Ok, resolved / dammit :slight_smile:
Locally the domain is resolved to a local IP address going a different route with a different certificate. @Pliablepixels, thanks for your great support!

Ah, good catch. Glad you solve it!

Hi @shiziluosidao , could you please have a look at my problem. :grin: It seems to be similar to yours…

@shiziluosidao Can you please tell me how did you resolve the issue. I have also tried everything suggested everywhere but not solution.
Banging my head from past 2 days.

My problem was an Apache server with an incorrectly configured HTTPS certificate. Therefore it did not load the page. If your server is properly setup (with like LetsEncrypt) it should work when allowing access in your config.xml


  1. Can you please elaborate what was incorrect in your HTTPS setup. When I check my url on ssl checkers they respond “it is correct”.

  2. By “Allowing access in config.xml” you mean this…???

I have the same problem, how did you solve it?

Hey shiziluosidao

Can you describe the steps you have taken to resolve this issue. I am facing similar issue while getting build from creator side of ionic.


how did you verify that this is an invalid certificate? I have the same problem but the site certificate works correctly on browsers and the ssl check tells me that the certificate is valid. But I have seen that the problem occurs only on android devices <5.1

I had a local DNS pointing differently at the website (without reverse proxy), so it accessed a different webserver (not the reverse proxy).