PWAsForFirefox icon indicating copy to clipboard operation
PWAsForFirefox copied to clipboard
verified publisher icon filips123

Indication of out-of-scope URL missing

Open PatrickHaecker opened this issue 2 months ago • 1 comments

Problem Description

This is related to #383.

I want to open a PWA with the "Open out-of-scope URLs in a default browser (can break some web apps)" option active. The PWA works, when I set this option after the page loaded. Unfortunately, when I reopen the PWA when it was closed and the option is set, the page will open in the default browser.

The URL is: https://outlook.office365.com/mail/

I already manually added the following entries to the list of "Domains always allowed to be opened in the app browser": login.live.com,login.microsoftonline.com,login.microsoft.com,outlook.office365.com

However, it is still not working. The problem is that I do not know of any way to see which out-of-scope URL is the root cause.

Proposed Solution

I need a clear indication which URL is seen as out-of-scope so that I can add the corresponding domain to the exception list. I think the bare minimum (and hopefully easy to implement) would be to provide a command line option to firefoxpwa site launch, e.g. --print-out-of-scope-urls, which prints all out-of-scope URLs. Initially, it would even be acceptable if this printing is always done (even without command line option).

Ideally, this would be done automatically, i.e. when you activate the "Open out-of-scope URLS in a default browser" option, all domains which have been opened since the start of the PWA are automatically added to the list of "Domains always allowed to be opened in the app browser", at least if the list was empty. But this might be more effort to implement. This could also be made conditional depending on an option or something.

Alternatively, there could be a timing setting, that the first n milliseconds the out-of-scope is ignored and everything is considered in scope.

Additional Information

The output can probably added to (the call of) checkOutOfScope. Unfortunately, I can't get cargo-make to work, so I can't create a PR myself.

PatrickHaecker avatar Oct 17 '25 05:10 PatrickHaecker

For clarification: I suspect some sort of single-sign-on to temporarily request something, which is detected as out-of-scope, but which I can't see in the browser's URL.

PatrickHaecker avatar Oct 17 '25 07:10 PatrickHaecker