skip to Main Content

I recently updated my android studio to Arctic Fox and got an error in my project

A problem occurred configuring root project 'so10'.
> Could not resolve all dependencies for configuration ':classpath'.
   > Using insecure protocols with repositories, without explicit opt-in, is     unsupported. Switch Maven repository 
'maven3(http://oss.sonatype.org/content/repositories/snapshots)' to redirect to a secure protocol (like HTTPS) or allow insecure protocols.
 See https://docs.gradle.org/7.0.2/dsl/org.gradle.api.artifacts.repositories.UrlArtifactRepository.html#org.gradle.api.artifacts.repositories.UrlArtifactRepository:allowInsecureProtocol for more details. 

This is my gradle where the problem occurs

repositories {
    // maven { url 'https://maven.fabric.io/public' }
    maven { url "https://jitpack.io" }
    maven { url 'https://raw.github.com/Raizlabs/maven-releases/master/releases' }
    maven { url 'http://oss.sonatype.org/content/repositories/snapshots'}
    maven { url "https://plugins.gradle.org/m2/" }
    maven { url 'https://maven.google.com'  }
    google()
    mavenCentral()
    jcenter()
}

How do I solve it?

7

Answers


  1. For insecure HTTP connections in Gradle 7+ versions, we need to specify a boolean allowInsecureProtocol as true to MavenArtifactRepository closure.
    Since you have received this error for sonatype repository, you need to set the repositories as below:

    1. Groovy DSL
    repositories {
        maven {
            url "http://oss.sonatype.org/content/repositories/snapshots"
            allowInsecureProtocol = true
        }
        // other repositories ...
    }
    
    1. Kotlin DSL
    repositories {
        maven {
            url = uri("http://oss.sonatype.org/content/repositories/snapshots")
            isAllowInsecureProtocol = true
        }
        // other repositories ...
    }
    
    Login or Signup to reply.
  2. or you can just replace HTTP with HTTPS.

    Login or Signup to reply.
  3. Note that Gradle 7 onwards, any insecure URL is blocked, not only for repositories, so applying scripts would also fail.

    apply from: "http://mycompany.com/buildscript.gradle"
    

    Applying script plugins from insecure URIs, without explicit opt-in, is unsupported.

    If you can’t use HTTPS for whatever reasons, then do the following:

    apply from: resources.text.fromInsecureUri("http://mycompany.com/buildscript.gradle")
    

    However, if I were a Gradle dev, I’d provide a org.gradle.allow-insecure-protocol=true to be set in the gradle.properties and be done. I’ve opened https://github.com/gradle/gradle/issues/18006 for that.

    Login or Signup to reply.
  4. For those using the Kotlin DSL, the property name is different isAllowInsecureProtocol

    maven {
        url = uri("http://oss.sonatype.org/content/repositories/snapshots")
        isAllowInsecureProtocol = true
    }
    
    Login or Signup to reply.
  5. Add allowInsecureProtocol = true for all unsecure http in repositories e.g.

    maven {
            url "http://storage.googleapis.com/r8-releases/raw"
            allowInsecureProtocol = true
        }
    
    maven {
            url "http://tokbox.bintray.com/maven/"
            allowInsecureProtocol = true
        }
    
    Login or Signup to reply.
  6. I tried to switch to maven2 solved my problem

     maven2 {
                url "http://oss.sonatype.org/content/repositories/snapshots"
                allowInsecureProtocol = true
            }
    
    Login or Signup to reply.
  7. For me, coding the assignment statement "allowInsecureProtocol = true" stopped working** in a recent workspace using Gradle 7.x (the reason as yet, is unknown.)
    I found that when I instead coded setAllowInsecureProtocol(true) and it was OK again.

     maven {    url "http://myinsecure/repository..."; 
                setAllowInsecureProtocol(true);
                // allowInsecureProtocol = true
            }
    

    I have no info about exactly when the assignment statement stopped working.

    Also, regarding comments about using https instead – I get it – it’s good advice, but in this instance that is out of my control.

    ** referring to the build.gradle …maven clauses

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search