kiwix-hotspot icon indicating copy to clipboard operation
kiwix-hotspot copied to clipboard
verified publisher icon offspot

HTTPS scenario fails for some zimit files with Chrome

Open Popolechien opened this issue 4 years ago • 19 comments

Created an image using installer that had the GCFD zim (zimfarm receipe here)

Installation ran fine and upon opening the zim I get the expected "switch to https" warning. But then past this step I only get the little circle going round and round indefinitely and there is no access to content.

Popolechien avatar May 26 '21 15:05 Popolechien

Doesn't look like a hotspot issue but downloading the ZIM to make sure and maybe transfer.

rgaudin avatar May 26 '21 15:05 rgaudin

Can't reproduce ; would you mind retesting but opening the developer tools console first (⌥ + ⌘ + I on Firefox) and copy/screenshot its output ? So we can see where it's stuck at.

rgaudin avatar Jun 02 '21 10:06 rgaudin

It actually works on Firefox, but not on Chrome. Looking at the dev console I get this: load.js:56 Uncaught (in promise) DOMException: Failed to register a ServiceWorker for scope ('https://kiwix.hello.hotspot/edu.gcfglobal.org_en_all.en/A/') with script ('https://kiwix.hello.hotspot/edu.gcfglobal.org_en_all.en/A/sw.js?replayPrefix=&root=edugcfglobal.org_en_all.en'): An SSL certificate error occurred when fetching the script.

Popolechien avatar Jun 02 '21 12:06 Popolechien

@rgaudin Does this bug is confirmed? I would be really surprised!

kelson42 avatar Jul 25 '21 08:07 kelson42

I've generated a small config with 5 zimit-generated files and ran them on a RPi 3B+:

Works:

  • Les fondamentaux

Does not work

They obviously all run normally on library.kiwix.org

Popolechien avatar Jul 27 '21 08:07 Popolechien

Is the symptom the same for all of them ?

rgaudin avatar Jul 27 '21 08:07 rgaudin

Yup. Little round thing going to no end.

Popolechien avatar Jul 27 '21 08:07 Popolechien

Ok, you tried different browsers ?

rgaudin avatar Jul 27 '21 08:07 rgaudin

Ok, got it:

Chrome (macOS, all extensions deactivated): does not work Firefox (macOS), Chrome (android): I get the below activation page

Capture d’écran 2021-07-27 à 10 06 07

This being said, Chrome is the dominant browser so it might be worth checking if it is an issue with macOS or if it happens on Windows as well.

Popolechien avatar Jul 27 '21 08:07 Popolechien

Thanks ; that's helpful. Pretty sure it happens on all platform ; your initial message make it seems like it.

rgaudin avatar Jul 27 '21 08:07 rgaudin

Yep, can confirm that Opera on PC (windows 10) is fine, but not Chrome (Win10).

Popolechien avatar Jul 27 '21 08:07 Popolechien

@rgaudin Both of us have been quite weak on that one :( @Popolechien Sorry for this pretty stupid and high impacting problem.

kelson42 avatar Jul 28 '21 10:07 kelson42

This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions.

stale[bot] avatar Sep 26 '21 11:09 stale[bot]

Chrome (macOS, all extensions deactivated): does not work

Works fine for me, and that does not surprise me as I did test it when implementing the feature (had to take a screencast of it!)

Screen Shot 2021-09-30 at 13 46 28

Are you sure you had the problem on macOS? Trying to get a Windows running to test on Windows now.

rgaudin avatar Sep 30 '21 13:09 rgaudin

OK, so the problem is after this tutorial, which works on all browsers. It's just that once you've added the exception, you don't see it anymore obviously.

I can reproduce the issue: certificate exception is added but chrome refuses to register the service worker still.

rgaudin avatar Sep 30 '21 15:09 rgaudin

OK, unfortunately, Chrome now requires the certificate to be installed on the system to work with Service Workers. The process is thus more complicated with many steps and of course it's different on Windows and macOS.

What should we do?

rgaudin avatar Sep 30 '21 15:09 rgaudin

well the simpler for the user the better, no matter the cost on our side.

Popolechien avatar Sep 30 '21 15:09 Popolechien

There is no simple way for the user.

The current (other browsers though) solution requires a few clicks in the browser to add an exception for the domain. What we are looking at now is a many steps, multi-software process to get to the same result:

  1. Click on “Not secure” button next to address bar
  2. Click on “Certificate (invalid)”
  3. In the popup, go to Details
  4. Click export to file
  5. Select a location and name to export to and save
  6. Now in explorer, go to that location and double-click certificate
  7. Choose install certificate
  8. Select “place certificate in following store”
  9. Click Browse
  10. Select “Trusted root certificates authorities” from the list of similarly named options
  11. Confirm
  12. Confirm in the warning dialog
  13. Exit the certificate manager
  14. In chrome, refresh the page you were on

Steps 7-13 are visible in this tutorial

Another alternative, is to ask user:

  • To use another browser (Firefox)
  • To disable security in chrome by launching it with --ignore-certificate-errors.

rgaudin avatar Sep 30 '21 16:09 rgaudin

This issue has been automatically marked as stale because it has not had recent activity. It will be now be reviewed manually. Thank you for your contributions.

stale[bot] avatar Nov 30 '21 08:11 stale[bot]

Invalidated with Zimit2

kelson42 avatar Jun 04 '24 19:06 kelson42