Should external catcher relax on scheme change?

[rgaudin]

I noticed that in an HTTP zimit1 scenario, when accessing the ZIM, warc2zim offers to switch to HTTPs in order to allow Service Workers.

When clicking this link, I get the external catcher

As a user, I was surprised by this because it didn't feel like I was going online (and I wasn't).

I wonder if we should relax our isExternalUrl() check to allow identical URLs but on a different scheme 🤔

libkiwix/static/skin/viewer.js

Lines 313 to 320 in 86100b3

	function isExternalUrl(url) {
	if ( url.startsWith(window.location.origin) )
	return false;
	return url.startsWith("//")
	|| url.startsWith("http:")
	|| url.startsWith("https:");
	}

[kelson42]

This is a bug IMO.

[mgautierfr]

Seems indeed something to do. Especially we are redirecting our user to a https url.

---

But for the record, cross-origin differentiate between http and https.
I don't think it is important here, but somehow related and good to remember.

[kelson42]

Not sure here how would look like the next step?