search

kiwix / libkiwix

Common code base for all Kiwix ports
https://download.kiwix.org/release/libkiwix/
GNU General Public License v3.0
112 stars 54 forks source link

Should external catcher relax on scheme change? #1058

Open rgaudin opened 4 months ago

rgaudin commented 4 months ago

I noticed that in an HTTP zimit1 scenario, when accessing the ZIM, warc2zim offers to switch to HTTPs in order to allow Service Workers.

Screenshot 2024-02-21 at 15 06 02

When clicking this link, I get the external catcher

Screenshot 2024-02-21 at 15 06 28

As a user, I was surprised by this because it didn't feel like I was going online (and I wasn't).

I wonder if we should relax our isExternalUrl() check to allow identical URLs but on a different scheme 🤔

https://github.com/kiwix/libkiwix/blob/86100b39ed4b0cc5bd699ae237d2ebad5a6deb68/static/skin/viewer.js#L313-L320

kelson42 commented 4 months ago

This is a bug IMO.

mgautierfr commented 4 months ago

Seems indeed something to do. Especially we are redirecting our user to a https url.

But for the record, cross-origin differentiate between http and https. I don't think it is important here, but somehow related and good to remember.

kelson42 commented 4 months ago

Not sure here how would look like the next step?