Additional page load

#1

When I start safe://doggies.vmp with the safe browser an additional page https://fonts.googleapis.com/css?family=Roboto:100 loads too simultaneously in the standard web browser.
Could it be a safe browser bug or something else?

1 Like

#2

Hey @Val,

I can confirm that this is happening. Far as I know the SAFE browser must block requests for the clear Internet, Can anyone from @maidsafe, @dugcampbell to confirm whether it is a bug?

1 Like

#3

Yes, I noticed that @Val, that’s not an issue with the browser, it’s your website linking to google fonts. You’ll have to upload the font files as well as part of your website’s files onto SAFE and make sure the references/links from your website’s pages use them from safe.

6 Likes

#4

I too think that some requests are not blocked, but let developers make it clear.

0 Likes

#5

OK! Thanks. I will have this in mind.

1 Like

#6

I see there is a font uploaded: safe://doggies.vmp/assets/fonts/fontawesome-webfont.woff2, but I presume from some parts of your website you are trying to use the font family Roboto, it’ll depend which framework you are using for the UI is how you can change those links to use the font files you upload, or perhaps use some fonts available by default on the browser?

Edit: still, I’m not sure if the SAFE browser should open those http/https font links, @joshuef?

3 Likes

#7

Pretty sure it has to block them by default or the privacy model is broken.

10 Likes

#8

I thought that had been fixed ages ago. As @happybeing says it is a large problem to open normal browser just because there is a link in the safe website. It could be a malware site too

Well actually a lot more than privacy. Think you are secure on SAFE, well no actually the safe site could cause a malware site to automatically open just because its linked in the safe site (as if its fonts or javascript or image)

7 Likes

#9

They should be blocked in the SAFE Browser by default yep.

And so all HTTP req atm should be opening in your default clearnet browser (as described in the op).

So that’s expected behaviour right now.


Is that most desirable? I’d agree not.

It’s a convo we’ve had and automatically opening these things is certainly not how we want to handle this in the end. So we’re planning to look at users flows around clearnet links / opening etc when we take a longer look at the browser UX as a whole.

4 Likes

#10

Absolutely not for security. It would take about 1 microsecond before malware guys see the hole and utilise it. They would make some SAFE sites with links to their malware websites and catch all the users who think they are on a secure system using a secure browser.

5 Likes

#11

Agreed, totally.

As I said, it’s something I’ve had in mind for the UX review/enhancement of the browser, but I’ve started fleshing out an issue to track this so we don’t lose track of any things:

Feel free to fire in with concerns/Qs/ideas on things over yonder :+1:

12 Likes