Closed Chralu closed 1 year ago
Hi @Chralu,
Do you have a couple of example podcasts or URLs I can try to reproduce this?
Thanks.
Hi @amugofjava ,
thanks to you for that great app :)
You can reproduce that issue with http://www.zqsd.fr/zqsd.xml I'll look for a fix this afternoon.
Actually, IMHO it reveals another small issue : shouldn't we show a information toast when download fails ?
Thanks @Chralu - glad you like the app.
Yes, a download failed toast would be useful. On Android failed downloads are shown in the notification panel; but, on iOS it does not.
On iOS info.plist
, we are using both NSAllowsArbitraryLoads
and NSAllowsArbitraryLoadsForMedia
.
According to official documentation,
A Boolean value indicating whether all App Transport Security restrictions are disabled for requests made using the AV Foundation framework. ... In iOS 10 and later and in macOS 10.12 and later, if you include this key with any value, then App Transport Security ignores the value of the NSAllowsArbitraryLoads key, instead using that key’s default value of NO.
A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.
This is what's done on Android (see network_security_config.xml
).
To me, we could accept non-SSL communications to download audio files.
However it might be risky to accept non-SSL for all http
communications.
http
scheme by https
.If we refuse non-SSL connections, user should be clearly informed : "Episode download failed : URL is invalid"
What do you think about it ?
Those two values were set as part of the setup of the just_audio
plugin; however, looking at the docs you have posted I read that as NSAllowsArbitraryLoadsForMedia
disables NSAllowsArbitraryLoads
. I will do some testing with the two flags.
Hi, this issue is problematic for my daily use of anytime podcast.
I made a PR to enforce systematic https usage. If that solution doesn't suit the project, I can make another PR to accept non-http connections on iOS.
@amugofjava What do you think about that ?
Longer term it would be better to force https across all connections, but the approach I would like to take is to store all urls as is, and force https upon usage. I am also thinking about the extension code. It's personal preference, but the forceHttps method feels more like and extension to the url functions rather than String.
There is also an issue with the downloader when an https url redirects to an http one (the BBC seem to have several podcasts that do this) which I am also considering, but I'll raise another issue for this.
As this is a causing you issues I will merge #95 PR for now and come back to this.
Is your feature request related to a problem? Please describe. Some RSS provide
http
URLs (without SSL) to download audio files.In that case, clicking on the episode download button does nothing (on iOS). Whereas stream reading episodes works perfectly.
Describe the solution you'd like As audio file downloading is not risked, maybe we should accept
HTTP
connections.