[FR] Fetching and opening notifications should use subdomains that respect to user settings

[kowith337]

Current behavior

• Notifications are fetch from mobile.facebook.com, that's mean the site interface will depend on (custom) user agent, for eample.
  • if you spoof as Firefox 13, you will get the basic site layout.
  • if you spoof as Chrome or any mobile browser that modern enough, you will get the touch screen (aka. likely official app) layout.
• In my opinion, using or fetching notifications from mobile.facebook.com is less trust, because I never see this subdomains included when use touch.facebook.com on generic connections (home or workplace Wi-Fi), however on mobile data, if I've forced Face Slim to load mobile site (that always go to touch.facebook.com when open app, anything will be fail to load due to their system switch XMLHttpRequest query to call from or sent to mobile.facebook.com instead, but the CORS policy forbid and prevent that things to be happen.
  • In other words, Facebook seems to trying to switch subdomains who use Facebook on mobile site with data plan.
  • And occasionally connect to h.facebook.com without proper HTTPS protocol, that's why it's likely less trust and possibly dangerous.

Suggestions

• Fetching notifications should use subdomains that respect user settings, e.g.
  • If you select Force basic site, all notifications should fetch and/or open from mbasic.facebook.com
  • And rest of it should be the same. e.g.
    • touch.facebook.com for users who choose to force the app to load mobile site.
    • 0.facebook.com for Facebook Zero users.
    • m.facebookcorewwwi.onion for users who use TOR/Orbot.