Consider Allowing HTTP Support
RyanGreenup opened this issue · 3 comments
I just VPN into my network and avoid SSL because it's a hassle, but it seems that http is restricted.
I like to use personal wikis for school and research and being able to cache pepperminty to my phone would be better than the syncthing/dokuwiki/ksweb set up I'm currently using.
Hey there, @RyanGreenup! The android app should support offline caching already. You just need to visit the pages you want to cache offline first to load them into the cache.
You mention also that HTTP is restricted. I can't remember the details of how I implemented this (as the entire app needs to be rewritten from scratch because Google love to change absolutely everything from 1 Android version to another, and they are no longer accepting any updates that aren't compatible with Android 10 to any apps at all), but the problem with http communication is that because it isn't encrypted, your password (and session cookie) are all sent in the clear, which would allow anyone on the network to access your wiki!
With this in mind, I'm reluctant to allow unencrypted HTTP support. A VPN would certainly solve the issue though, so maybe I could allow it with a big warning message.
The other problem is that if I do update it to allow unencrypted HTTP support, I can't publish the update to the Google Play store because the app targets Android 9, and not Android 10. Updating to target Android 10 for some reason breaks the entire app, and (as I'm quite inexperienced with writing Android apps), I don't see any way to rectify the problem.
So I'd love to fix this, but I wouldn't be able to publish the fix to the Google Play Store :-(
Ahh I see, that makes sense and it's a shame that the app needs to be rewritten. I hope you find time to keep at it though because there are no other apps for wikis on Android and it would be a super convenient way to keep a knowledge base.
As for HTTP, I think a reasonable approach would be to have a switch in the advanced options of the settings to allow it, with a warning, using a VPN as opposed to SSL is good use case because users that want to run a personal wiki might not want to buy a domain name or set up Let's Encrypt when many routers come bundled with a VPN server.
That sounds reasonable. An advanced setting sounds like a good solution to this problem - let's do that.