<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright © 2018 Soren Stoutner <soren@stoutner.com>.
+ Copyright © 2018,2020,2022 Soren Stoutner <soren@stoutner.com>.
- This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+ This file is part of Privacy Browser Android <https://www.stoutner.com/privacy-browser-android>.
- Privacy Browser is free software: you can redistribute it and/or modify
+ Privacy Browser Android is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
- Privacy Browser is distributed in the hope that it will be useful,
+ Privacy Browser Android is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
+ along with Privacy Browser Android. If not, see <http://www.gnu.org/licenses/>. -->
-<!-- Allow HTTP traffic and disable HSTS, which has no benefit for Privacy Browser (because unspecified links default to HTTPS) but has negative fingerprinting implications. -->
-<network-security-config>
- <base-config cleartextTrafficPermitted="true" hstsEnforced="false" />
+<network-security-config xmlns:tools="http://schemas.android.com/tools">
+ <!-- Allow HTTP traffic and disable HSTS, which has no benefit for Privacy Browser (because unspecified links default to HTTPS) but has negative fingerprinting implications. -->
+ <base-config
+ cleartextTrafficPermitted="true"
+ hstsEnforced="false"
+ tools:ignore="InsecureBaseConfiguration" >
+
+ <trust-anchors>
+ <!-- Trust system certificate authorities. -->
+ <certificates src="system" />
+
+ <!-- Trust user certificate authorities. -->
+ <certificates src="user" tools:ignore="AcceptsUserCertificates" />
+ </trust-anchors>
+ </base-config>
</network-security-config>
\ No newline at end of file