WebUI does not check for new version

[dns2utf8]

Expected Behavior

The UI should warn the user from using an outdated version of the WUI.

Current Behavior

Possible Solution

• Cache more, so it still works without the update
• Ask the user to refresh the page and load the new version

Steps to Reproduce (for bugs)

1. Use WUI, eg. 1.0.5
2. Wait a bit until a new version gets deployed, eg. 1.1.0
3. See the funny picture from current behavior

Your Environment

• Threema Web version: 1.0.5 -> 1.1.0
• Threema for Android version: the latest to this day
• Threema for Android source: Play Store
• Browser name and version: Chromium 57.0.2987.110 (64-bit)
• Operating system and version: Arch Linux 2017-03-18

[dbrgn]

For all files loaded on a page reload, cache invalidation is being done.

The problem occurs when a user connected to the old version, then the new version is released, then an auto-reconnect happens. In that case, the new templates are loaded but the old code is still in place. If new template filters are being used, they don't exist in the code, therefore breaking some features. In 1.2.0 that would be displaying of files.

We need to do some kind of version check on load. If the version changed, show an alert with the information that a new version was released, and full-reload the page.

[dns2utf8]

Does this mean, everytime I switch from one conversation to another it will download the same template again and check the version again?

[dbrgn]

It will download the version.txt file. The contents are about 5 bytes. I think that's reasonable.

[ovalseven8]

Why is it necessary to send a request to the Threema server when I switch conversations? Would not it be enough to send it once and set a flag?

[dbrgn]

Some of the HTML parts (e.g. the conversation view) are loaded dynamically using AJAX. When clicking around the UI while an upgrade happens, if that upgrade contains HTML parts incompatible with the old version, then the UI may break. That's why we want to detect version updates as fast as possible. Using conversation switches is a good occasion for that.

[ovalseven8]

It's probably nitpicky, but it feels not good that the web application sends a request for each conversation switch. It's some kind of activity tracking. Can you reconsider that decision?

[rugk]

Yeah, theoretically, an network attacker can see each time you switch a chat or so… (it's easy to detect these few bytes being sent)

I agree this may be a tracking problem. At least one can possible correlate things™…

dynamically using AJAX

Why not change that and make all loads instantly/no dynamic loading? If you think this takes too much time, IMHO, it can load all these when the session is setup/after scanning the QR code. You have a progress indicator anyway, there… :smile:

Or actually,it could theoretically do so while we are scanning the QR code, already, i.e. in the background, when the user is still fiddling around to get their phone out and scan the QR code. :wink:

[lgrahl]

Please open a new issue for that. We can use a service worker to pre-fetch all pages and then just check the version every once in a while.

[ovalseven8]

=> #909