Skip to content

Flutter Maven repository should support HTTPS #47452

New issue
New issue
Closed
#52042
Closed
Flutter Maven repository should support HTTPS#47452
#52042
Labels
a: existing-appsIntegration with existing apps via the add-to-app flowplatform-androidAndroid applications specificallyt: gradle"flutter build" and "flutter run" on AndroidtoolAffects the "flutter" command-line tool. See also t: labels.
@GerritKopp

Description

@GerritKopp
GerritKopp
opened on Dec 19, 2019

The Flutter Maven repository (download.flutter.io) can't be accessed via HTTPS because of a certificate error (wrong host). In my opinion you should be able to download the artifacts via HTTPS for security reasons. Is the repository available via another URL or can the certificate error be fixed?

Activity

janmoppel
added
c: new featureNothing broken; request for a new capability
on Dec 19, 2019
dnfield
added
d: website - infra
platform-androidAndroid applications specifically
and removed
c: new featureNothing broken; request for a new capability
on Dec 19, 2019
dnfield

dnfield commented on Dec 19, 2019

@dnfield
dnfield
on Dec 19, 2019
Contributor

@blasten @kf6gpe - we need to fix the certificate attached to download.flutter.io/download.flutter.dev. Looks like it's using the one for *.storage.googleapis.com, which triggers a bunch of warnings/errors over HTTPS.

xster
added
t: gradle"flutter build" and "flutter run" on Android
a: existing-appsIntegration with existing apps via the add-to-app flow
on Dec 19, 2019
xster
added this to the Near-term Goals milestone on Dec 19, 2019
blasten

blasten commented on Dec 23, 2019

@blasten
blasten
on Dec 23, 2019

+1. GCP storage only supports CNAME entries for custom domains, which doesn't allow HTTPS.
https://cloud.google.com/storage/docs/troubleshooting#https

If we think this is critical, then we might either need to migrate to Firebase hosting as suggested in the GCP storage doc or drop the custom domain and use https://storage.googleapis.com/download.flutter.io directly.

dnfield

dnfield commented on Dec 23, 2019

@dnfield
dnfield
on Dec 23, 2019
Contributor

Would the setting up a load balancer option work out for us?

I think we should probably avoid firebase hosting for this - it will become tedious as we add more and more files (AFAIK it requires a complete local copy of your static assets to compare/upload - there's no way to just say "add these new assets").

If a load balancer doesn't work, I'd vote for just using the storage.googleapis.com domain directly. Will that have any negative impact on Chinese customers though?

jmagman
added
toolAffects the "flutter" command-line tool. See also t: labels.
on Jan 3, 2020
nvi9
mentioned this on Jan 31, 2020
skyred

skyred commented on Feb 2, 2020

@skyred
skyred
on Feb 2, 2020

any negative impact on Chinese customers though

Cannot speak for the future, but currently https://storage.googleapis.com/download.flutter.io works in China.

dnfield

dnfield commented on Feb 2, 2020

@dnfield
dnfield
on Feb 2, 2020
Contributor

@blasten what would it take to just use storage.googleapis directly?

blasten

blasten commented on Feb 4, 2020

@blasten
blasten
on Feb 4, 2020

very easily.

flutter/packages/flutter_tools/gradle/resolve_dependencies.gradle

Line 21 in 449f4a6

url "http://download.flutter.io"
and

flutter/packages/flutter_tools/gradle/flutter.gradle

Line 44 in 2042c7d

private static final String MAVEN_REPO = "http://download.flutter.io";

aquilarafa
mentioned this on Feb 18, 2020
TahaTesser
mentioned this on Mar 4, 2020
jmagman
mentioned this on Mar 5, 2020
jmagman

jmagman commented on Mar 5, 2020

@jmagman
jmagman
on Mar 5, 2020
Member

Need to update docs as well https://flutter.dev/docs/development/add-to-app/android/project-setup#option-a---depend-on-the-android-archive-aar

jmagman
mentioned this on Mar 5, 2020
jmagman

jmagman commented on Mar 5, 2020

@jmagman
jmagman
on Mar 5, 2020
Member

Docs and sample updated.
flutter/website#3768
flutter/samples#355

jmagman
closed this as completedin #52042on Mar 6, 2020
github-actions

github-actions commented on Aug 16, 2021

@github-actions
github-actions
on Aug 16, 2021

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.

github-actions
locked as resolved and limited conversation to collaborators on Aug 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    a: existing-appsIntegration with existing apps via the add-to-app flowplatform-androidAndroid applications specificallyt: gradle"flutter build" and "flutter run" on AndroidtoolAffects the "flutter" command-line tool. See also t: labels.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @xster@skyred@jmagman@blasten@GerritKopp

      Issue actions
        Flutter Maven repository should support HTTPS · Issue #47452 · flutter/flutter