SolidOS / solidos

The operating system for Solid
https://solidos.solidcommunity.net/
MIT License

Add "TrustedApp-Prompt" for pod-hosted apps of same origin #107

Open uvdsl opened 2 years ago

uvdsl commented 2 years ago

Following a short discussion on [1], I would like to summarise the issue I ran into:

Problem:

When serving an app from a Solid Pod, e.g. at https://uvdsl.host.name/apps/solid-test-app/, an agent that uses the same IDP as the agent providing the app, e.g. https://alice.host.name/profile/card#me, does not receive the "Add as Trusted App"-Prompt.

Hence, she will receive 403 Origin Unauthorized error messages when accessing private resources.

Once she added https://uvdsl.host.name as a trusted app in her profile, everything works as expected.

Side note: the user https://uvdsl.host.name/profile/card#me apparently does not need to add the app as a trusted app as it is served from his pod. I never ran into any issues here.

Possible Solution:

Add the "Add as Trusted App"-Prompt also to "same origin apps" if the authority of the app URI does not match the authority of the user's webId, e.g.

App URI: https://uvdsl.solid.aifb.kit.edu/apps/solid-test-app/

uvdsl WebId: https://uvdsl.host.name/profile/card#me

Alice WebId: https://alice.host.name/profile/card#me

Alice should get prompted as the authority of her WebId (alice.host.name) does not match the app URI's authority (uvdsl.host.name). uvdsl should not get prompted as there is no need for that anyway.

Thank you for giving us NSS.

[1] https://github.com/uvdsl/solid-test-app/issues/1

bourgeoa commented 2 years ago

Trusted app Preferences in the dashboard should check the input is a valid origin.
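
The prompt rule proposed in the issue and the origin validation suggested in the reply, sketched together as an added example that is not part of the thread and not NSS code. The function names `parseOrigin` and `needsTrustedAppPrompt` are hypothetical, and "authority" is taken here to mean host plus port.

```javascript
// Added example; function names are hypothetical, not NSS or SolidOS APIs.

// Accept only a bare web origin (scheme://host[:port]) and return it
// normalised (lower-case host, default port dropped); otherwise null.
function parseOrigin(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password) return null; // no userinfo in an origin
  if (url.pathname !== '/' || url.search || url.hash) return null;
  return url.origin;
}

// Prompt when the app's authority differs from the WebID's authority and
// the app's origin is not already in the user's trusted list.
function needsTrustedAppPrompt(appUri, webId, trustedOrigins) {
  const app = new URL(appUri);
  const user = new URL(webId);
  if (app.host === user.host) return false; // app is served from the user's own pod
  // Entries that are not valid origins are ignored rather than matched loosely.
  const trusted = new Set(trustedOrigins.map(parseOrigin).filter(Boolean));
  return !trusted.has(app.origin);
}

// URLs taken from the issue text.
const APP = 'https://uvdsl.host.name/apps/solid-test-app/';
const ALICE = 'https://alice.host.name/profile/card#me';
const UVDSL = 'https://uvdsl.host.name/profile/card#me';

console.log('alice, nothing trusted:', needsTrustedAppPrompt(APP, ALICE, []));
console.log('alice, origin trusted: ',
  needsTrustedAppPrompt(APP, ALICE, ['https://uvdsl.host.name']));
console.log('uvdsl, own pod:        ', needsTrustedAppPrompt(APP, UVDSL, []));
```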