Open rgaudin opened 4 months ago
This is a bug IMO.
Seems indeed something to do. Especially we are redirecting our user to a https url.
But for the record, cross-origin differentiate between http and https. I don't think it is important here, but somehow related and good to remember.
Not sure here how would look like the next step?
I noticed that in an HTTP zimit1 scenario, when accessing the ZIM, warc2zim offers to switch to HTTPs in order to allow Service Workers.
When clicking this link, I get the external catcher
As a user, I was surprised by this because it didn't feel like I was going online (and I wasn't).
I wonder if we should relax our
isExternalUrl()
check to allow identical URLs but on a different scheme 🤔https://github.com/kiwix/libkiwix/blob/86100b39ed4b0cc5bd699ae237d2ebad5a6deb68/static/skin/viewer.js#L313-L320