Platform Transport Security Plugin

Enforces transport security settings across Android and iOS projects by flowing changes through the package's base mod pipeline.

Capabilities

Platform base mod integration

• Registers platform file providers so Android manifest XML and iOS Info.plist files are read, mutated, and written through the mod pipeline rather than ad-hoc file IO. @test

Android cleartext policy

• When allowCleartext is false or omitted, the resulting Android manifest sets android:usesCleartextTraffic on the <application> node to false while preserving other attributes and child nodes. @test
• When allowCleartext is true, the manifest sets android:usesCleartextTraffic to true without duplicating the attribute if it already exists. @test

iOS ATS exceptions

• When allowedDomains contains hostnames, Info.plist gains an NSAppTransportSecurity dictionary with NSAllowsArbitraryLoads set to false and per-domain exceptions that allow insecure HTTP loads only for the provided hosts. @test
• When no options are provided, the plugin leaves Info.plist unchanged. @test

Implementation

@generates

API

export type TransportSecurityOptions = {
  allowCleartext?: boolean;
  allowedDomains?: string[];
};

export function withTransportSecurity(
  config: Record<string, any>,
  options?: TransportSecurityOptions
): Record<string, any>;

Dependencies { .dependencies }

@expo/config-plugins { .dependency }

Provides base mod utilities for registering platform file providers and composing config plugins.