How to avoid mixed/insecure content warnings when having deep links to non-http schemes for mobile apps?

Let's say I have a mobile app that listens to all "myawesomeapp" scheme links so it can open them in the app, and I have a related website. Now when a page, e.g. https://myawesomeapp.com/home/, is loaded in the browser, I create an iframe dynamically and add it to the document with the src of myawesomeapp://myawesomeapp.com/home/ so that my app can try and open up that page within itself. But most modern browsers will display an insecure/mixed content warning when such a link is created from a page served over HTTPS. Is there a way around this behaviour?

Gaurav Dadhania asked Oct 19 '22 20:10


2 Answers

The browser can't guarantee that the protocol myawesomeapp is secure (like https). So as a security consideration, it MUST warn the user that insecure content is being loaded in an otherwise secure page.

You can create a service on the server to redirect to another scheme, i.e. https://website.com/deeplink/appscheme/path will redirect the browser to appscheme://path.

S.D. answered Oct 22 '22 08:10
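The redirect service described in the answer above, as a Node.js request handler (an added example, not code from the answer). The function names, the scheme allowlist and the rejection of encoded control characters are assumptions added here so that the endpoint only ever redirects to the app's own scheme instead of to any scheme a caller names.

```javascript
// Assumption: "myawesomeapp" is the only scheme this site should hand off to.
const ALLOWED_SCHEMES = new Set(["myawesomeapp"]);

// Maps "/deeplink/<scheme>/<path>" to "<scheme>://<path>".
// Returns null when the request must not be redirected.
function deepLinkTarget(requestUrl) {
  let url;
  try {
    // The base is only needed so the relative request URL can be parsed.
    url = new URL(requestUrl, "https://website.com");
  } catch {
    return null;
  }
  const match = /^\/deeplink\/([a-z][a-z0-9+.-]*)\/(.*)$/.exec(url.pathname);
  if (!match) return null;
  const [, scheme, rest] = match;
  // Without this check the endpoint would redirect to any scheme in the URL.
  if (!ALLOWED_SCHEMES.has(scheme)) return null;
  let decoded;
  try {
    decoded = decodeURIComponent(rest);
  } catch {
    return null; // malformed percent-encoding
  }
  // Refuse encoded control characters and backslashes in the forwarded path.
  if (/[\u0000-\u001f\u007f\\]/.test(decoded)) return null;
  return `${scheme}://${rest}${url.search}`;
}

// Usable as: require("node:http").createServer(handleDeepLink).listen(8080)
function handleDeepLink(req, res) {
  const target = deepLinkTarget(req.url);
  if (target === null) {
    res.writeHead(404, { "Content-Type": "text/plain" });
    res.end("Unknown deep link\n");
    return;
  }
  res.writeHead(302, { Location: target, "Cache-Control": "no-store" });
  res.end();
}
```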


According to this the iframe src trick doesn't work anymore.

If you want your app to automatically trigger upon landing on a web page, I found that putting this in that web page's <head> tag works:

<meta http-equiv="refresh" content="0; url=myprotocol:/path1" />

Where myprotocol is the "scheme" in your intent filter.

However, I am not sure if this method will also be "blocked" in future versions of the browser. As the link above stated:

you should implement a user gesture to launch the app via a custom scheme, or use the “intent:” syntax

It seems to me they want intents to be triggered only by user-initiated gestures such as clicking a button, or a link. There could be security issues if a webpage can trigger intents on its own.

aljo f answered Oct 22 '22 10:10