anytime_podcast_player icon indicating copy to clipboard operation
anytime_podcast_player copied to clipboard
verified publisher icon amugofjava

Accept HTTP connection ?

Open Chralu opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe. Some RSS provide http URLs (without SSL) to download audio files.

In that case, clicking on the episode download button does nothing (on iOS). Whereas stream reading episodes works perfectly.

Describe the solution you'd like As audio file downloading is not risked, maybe we should accept HTTP connections.

Chralu avatar Oct 20 '21 06:10 Chralu

Hi @Chralu,

Do you have a couple of example podcasts or URLs I can try to reproduce this?

Thanks.

amugofjava avatar Oct 20 '21 07:10 amugofjava

Hi @amugofjava ,

thanks to you for that great app :)

You can reproduce that issue with http://www.zqsd.fr/zqsd.xml I'll look for a fix this afternoon.

Actually, IMHO it reveals another small issue : shouldn't we show a information toast when download fails ?

Chralu avatar Oct 20 '21 07:10 Chralu

Thanks @Chralu - glad you like the app.

Yes, a download failed toast would be useful. On Android failed downloads are shown in the notification panel; but, on iOS it does not.

amugofjava avatar Oct 20 '21 08:10 amugofjava

Current code status

On iOS info.plist, we are using both NSAllowsArbitraryLoads and NSAllowsArbitraryLoadsForMedia.

According to official documentation,

NSAllowsArbitraryLoadsForMedia

A Boolean value indicating whether all App Transport Security restrictions are disabled for requests made using the AV Foundation framework. ... In iOS 10 and later and in macOS 10.12 and later, if you include this key with any value, then App Transport Security ignores the value of the NSAllowsArbitraryLoads key, instead using that key’s default value of NO.

NSAllowsArbitraryLoads

A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.

Solutions

Authorizing HTTP for all network connections

This is what's done on Android (see network_security_config.xml).

To me, we could accept non-SSL communications to download audio files. However it might be risky to accept non-SSL for all http communications.

Forcing HTTPS and eventually fail gracefully

  1. When parsing episodes, we could replace http scheme by https.
  2. If downloading/playback fails on network error, we display a message "A "

If we refuse non-SSL connections, user should be clearly informed : "Episode download failed : URL is invalid"

What do you think about it ?

Chralu avatar Oct 22 '21 06:10 Chralu

Those two values were set as part of the setup of the just_audio plugin; however, looking at the docs you have posted I read that as NSAllowsArbitraryLoadsForMedia disables NSAllowsArbitraryLoads. I will do some testing with the two flags.

amugofjava avatar Nov 04 '21 16:11 amugofjava