pwa-builder / PWABuilder

The simplest way to create progressive web apps across platforms and devices. Start here. This repo is home to several projects in the PWABuilder family of tools.
https://docs.pwabuilder.com

[BUG] PWABuilder reporting "You do not have a secure HTTPS server" #4622

Closed pod12 closed 5 months ago

pod12 commented 5 months ago

Link to the report card page

https://www.pwabuilder.com/reportcard?site=https://payoffdeals.com

What Store were you trying to package for?

Android, iOS and Windows

What is the error message you received?

PWABuilder error:

You do not have a secure HTTPS server

PWABuilder has done a basic analysis of your HTTPS setup and has identified required actions before you can package. Check out the documentation linked below to learn more.

Paste your stack trace below

Can't find any errors on console.

What environment were you using?

Win 10 Chrome - v 120.0.6099.225 (Official Build) (64-bit)

Additional context

On Chrome and Edge, service worker and manifest files detected properly, install prompt triggers.

Chrome Lighthouse testing succeeds for PWA capability

Not sure if it's relevant, when browser address bar is hit, installability error pops up for a short period and goes off. In PWABuilder, service worker gets detected initially, but after additional tests PWABuilder resets the result (for service worker) and shows HTTPS error.

Tested for mixed content, none found that we can detect. Chrome security tab shows that site is secured and content is delivered securely

sacru2red commented 5 months ago

same here

khmyznikov commented 5 months ago

same here

Yours is different, answered in Discord.

khmyznikov commented 5 months ago

@pod12 your app is doing weird page refreshes and during the validation it opens the 404.html page for some reason. Because of this, the validation result resets and returns empty values. Do you know why this can happen? Maybe this is because of the manifest id. It's just "payoffdeals" and this page isn't reachable... Maybe change it to "?payoffdeals=true" or something like this.

pod12 commented 5 months ago

@khmyznikov Thank you for looking into this.

Ideally a 404.html will be returned as a response to an invalid request url (you can try messing with urls to see this).

Is it possible to find the url to which 404.html was sent as a response?

I have changed manifest id to "?pod=y" and tested but no luck.

Regarding page refresh - App auto detects region and adopts content. If no content is found for a specific region, then it tries "global" (the refresh you are referring to), this behavior depends on the region of access. Try changing country to India or US it won't refresh but if you try Serbia it will (because we don't have content for this region yet and it will try fetching content that covers this region. You can see globe icon having a green background indicating it's active - pls click on globe icon for details).

Some more info on 404.html - We have a web filter that intercepts each and every request and does some checks. Any uncaught exception in this filter can also trigger a 404.html. It will be really helpful if you can find the URLs that are receiving 404.html as response.

jgw96 commented 5 months ago

Hey all! Should this be handled in our Discord instead? It does not look like this is a PWABuilder issue at the moment. @khmyznikov what do you think?

pod12 commented 5 months ago

@jgw96 Quick update, 404.html errors are fixed, now there are none that I can find from logs (which were seen earlier), PWABuilder still complains about HTTPS setup.

Regarding refresh, I can disable that option but that doesn't change anything because when PWABuilder is run from web, the request location detected was US and that doesn't trigger any refresh. So, when PWABuilder is run from web, App doesn't have any errors or conditions of its own (known at this point in time) that could prevent PWABuilder from doing what it is supposed to do.

pod12 commented 5 months ago

@khmyznikov More info, Open App in browser, open dev tools, go to Application tab and select manifest, hit url bar (highlight url in address bar and press enter, not a refresh or force reload). At this point, we can see that there is a complaint about "url not being served from secure origin" shown for a short period of time and disappears once page starts loading.

Note that this behavior is not seen when you first load the page or perform a refresh/hard-refresh.

Not sure if above mentioned was the condition hit by the PWABuilder (during additional tests) and assumes site is not secured. But surprisingly browser (Chrome and Edge) recovers from this.

When Lighthouse is tried on the page locally (on browser) for PWA capability, it succeeds. We can see similar "insecure origin" error for manifest file during the far end of the test but final result says test succeeded.

Chrome/Edge browser test doesn't seem to complain but it could be that for some reason PWABuilder is stopping its tests at this point and complains with an "HTTPS" error.

Also, PWABuilder resets detection of service worker from report card (which it had identified earlier prior to additional tests), is it possible that this behavior is tied to above condition i.e. when you detect insecure origin everything else gets invalidated (But it won't reset manifest file detection - not sure why?)

khmyznikov commented 5 months ago

@pod12 requests captured during the validation

Because we have multiple validations. One of them is fast but not fair, the second one is long but fair. It runs a customized Lighthouse. And if this fair validation completely fails, it's a flag that something weird happens when your app is first loading.

pod12 commented 5 months ago

@pod12 requests captured during the validation

Because we have multiple validations. One of them is fast but not fair, the second one is long but fair. It runs a customized Lighthouse. And if this fair validation completely fails, it's a flag that something weird happens when your app is first loading.

Do we know which one/ones are failing validation? Because they seem to succeed on browser. Also, ideally if any of these requests has any implicit insecure request/s, those should have been caught by browser easily (which doesn't seem to be the case here).

Also, you mentioned "first loading", I'm not sure what it means but first loading has never seen any issues on browser and in PWABuilder. Because PWABuilder properly detects App capabilities before performing additional tests.

Also, what I can see from application logs is that PWABuilder tries to fetch page and its resources twice separately (2 separate requests with 2 separate identities i.e. IP addresses).

Edit - There are 404.html pages being requested, ideally a 404.html will be returned when you request directly, due to some error in App (it depends on scenario) or as a response to an invalid request url (and rarely as a redirect). I can't see a 404.html being requested in browser when page is loaded, also this in most cases is a success response (e.g. an internal forward to another resource) and not an error. So not sure why PWABuilder is caught up with a response.

These tests seem to be run from your current location (which will trigger an implicit App refresh), is it possible for you to run these tests on a machine from India or US (so that App doesn't trigger implicit refresh)?

Also, if possible please remove those requests because there are many that should not be publicly visible.

creakosta commented 5 months ago

@khmyznikov Hi I have same problem for my site: https://radbrothers.com/PWA/aoflig101/index.html

pod12 commented 5 months ago

@khmyznikov Because this is a blocker for us and not sure what is causing PWABuilder to fail tests, as an interim solution I've changed initial page (default landing page of App) and been able to successfully pass the tests.

For now we can proceed with this (with added extra efforts to redesign the landing page) but I would be more interested to keep the original landing page as is and expect PWABuilder to pass the tests.

pod12 commented 5 months ago

@khmyznikov Hi I have same problem for my site: https://radbrothers.com/PWA/aoflig101/index.html

"There were issues affecting this run of Lighthouse:

The page did not paint any content. Please ensure you keep the browser window in the foreground during the load and try again. (NO_FCP)"

Yours has so many problems, try running Lighthouse locally on your machine and fix errors. Hopefully that should help.

jgw96 commented 5 months ago

I am going to close this for now as it would be better handled in our Discord for now. Thanks all!

pod12 commented 5 months ago

I am going to close this for now as it would be better handled in our Discord for now. Thanks all!

I had requested to clean up the traces, could you do that?

FenrirDrage commented 1 month ago

PWA service workers will register when using http://localhost:3000/

When using http://myipaddress:3000/

Gchrome: application: manifest Installability :

Page is not served from a secure origin

Does someone know how to get the page secure?

Ty in advance
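
The localhost-versus-IP behaviour in the last comment, and the "not served from a secure origin" message discussed earlier in the thread, follow the "potentially trustworthy origin" rules of the W3C Secure Contexts specification. The following is an added example, not part of the thread or of PWABuilder's code, that applies those rules to a page URL and a list of captured request URLs; the `auditCapture` helper and all hosts in the sample are constructed for illustration.

```javascript
"use strict";

// "Is origin potentially trustworthy?" (W3C Secure Contexts), applied to a
// URL string. Unparseable input is treated as not secure.
function isPotentiallyTrustworthy(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false;
  }
  const scheme = url.protocol.slice(0, -1);
  // WHATWG URL keeps IPv6 brackets and a trailing root dot; drop only the dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  if (scheme === "https" || scheme === "wss" || scheme === "file") return true;
  if (/^127(\.\d{1,3}){3}$/.test(host)) return true; // IPv4 loopback 127.0.0.0/8
  if (host === "[::1]") return true;                 // IPv6 loopback
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  return false; // plain http on a LAN or public address lands here
}

// Hypothetical helper: given the page URL and the requests captured while it
// loaded, report why installability checks would fail.
// - An insecure page origin is reported alone: service workers are
//   unavailable there, so subresource findings would be noise.
// - On a secure page, any request to a non-trustworthy URL is mixed content.
function auditCapture(pageUrl, requestUrls) {
  if (!isPotentiallyTrustworthy(pageUrl)) {
    return [{ url: pageUrl, issue: "page-not-secure-origin" }];
  }
  return requestUrls
    .filter((u) => !isPotentiallyTrustworthy(u))
    .map((u) => ({ url: u, issue: "mixed-content" }));
}

// Constructed sample capture (example.test and 192.0.2.10 are reserved
// documentation names/addresses, not hosts from the thread).
const SAMPLE_CAPTURE = [
  "https://app.example.test/manifest.json",
  "https://app.example.test/sw.js",
  "http://cdn.example.test/lib.min.js",
];

console.log(auditCapture("https://app.example.test/", SAMPLE_CAPTURE));
console.log(auditCapture("http://localhost:3000/", []));
console.log(auditCapture("http://192.0.2.10:3000/", SAMPLE_CAPTURE));
```

Serving the development build over HTTPS, or reaching it through `localhost`, moves the page into the first branches of the check; a bare `http://` address on the network does not qualify.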