Open ThreeDeeJay opened 6 months ago
so it should definitely require explicit user confirmation like Firefox
Yes.
Technically its possible to override the HTTP client behaviour in case of a CERTIFICATE_VERIFY_FAILED
error. This stackoverflow answer shows how https://stackoverflow.com/a/61312927/2145395 . But this example uses the dart:io
library and not package:http/http.dart
like Obtainium does. It seems as if there is no possibility for this configuration with the http-package (https://pub.dev/documentation/http/latest/http/Client-class.html).
UPDATE: The solution above using HttpOverrides
may also work with package:http
, but only in combination with the IOClient
of the http-package: https://github.com/dart-lang/http/issues/458 and also https://github.com/dart-lang/http/issues/267
@ImranR98 maybe Obtainium can just ignore different hostnames? Downloading .xapk through browser does not produce any errors.
@ImranR98 tried v1.1.21 release, now I see different error with "allow insecure http requests", I think obtainium should not care from which domain does apk came, It is normal on uptodown that (x)apk comes from different domain.
New error:
Never seen that error, it's not something obtainium is checking for explicitly. What's the url you're adding?
@ImranR98 this url https://fate-grand-order.en.uptodown.com/android/download, can be reproduced with steps from this issue
If it's this one: https://fate-grand-order.en.uptodown.com/android
I was able to download it without problems (it couldn't install but that's a separate issue).
@ImranR98 unfortunately uptodown url without "/download" resulting in apk not found error:
That's weird, Obtainium should be trimming the path anyways
Created dedicated issue about this https://github.com/ImranR98/Obtainium/issues/1827
Prerequisites
Describe the feature
Some download sites like MiniLyrics have an expired certificate, which causes this error:
So it would be nice to have an option to proceed with the download anyway
Describe alternatives you've considered (if applicable)
Firefox is able to download the APK after prompting the user to proceed with the expired certificate
Additional context
I'm not sure how often this app is updated (even the UI is rather old and buggy, but the main functionality of downloading scrolling song lyrics -for better players that can't do out themselves like Musicolet- still works) Also I'm not sure if this would create a vulnerability (I think if there's a worst case scenario like a MITM attack that redirects download to a modified APK, signature mismatch would prevent installation anyway), so it should definitely require explicit user confirmation like Firefox