VCC Dont use embedded browser
complete
Code-Floof
VCC currently uses an embedded browser for the Learn options. Why tho. Its slow and resets every time the button is pressed. Just open an external browser window
Log In
Momo the Monster
complete
Embedded browser is removed in 0.3.0 in favor of just opening the user's default browser.
Momo the Monster
in progress
@Code-Floof @kurotu, you were right. Ultimately, this is not a great experience for the users so we're switching to just opening the links in the default browser for now.
kurotu
Momo the Monster Would you like to reconsider this or share feature's goal?
In general, embedded browsers should be carefully implemented because of many reasons such as security.
Example 1
The browser of v0.2.4 can go to any url other than
*.vrchat.com
via links. This means that users may accidentally open malicious urls. There are no url bars, so they can't know that. At least, navigations to other than *.vrchat.com
should be opended in a system browser.Example 2
The forum requires VRChat account. In SSO context, I think embbeded browsers are not recommended in order to prevent MITM. For example, OAuth 2.0 recommends to use a system browser, and actually Google blocks webviews for login.
- https://www.oauth.com/oauth2-servers/oauth-native-apps/use-system-browser/
- https://developers.googleblog.com/2020/08/guidance-for-our-effort-to-block-less-secure-browser-and-apps.html
I'm not sure that VCC actually has vulnerabilities. However, I think we'll need to test VCC's browser from this point of view.
Also, users will desire typical browser features (go back/forward, tabs, keyboard shortcuts, etc.). That will be hard and might not get better usability.
Momo the Monster
will not implement
We're not planning on removing this feature, though we do have some ideas on how to speed it up and make it more useful.
Momo the Monster
tracked
naqtn
In case you haven't noticed: you can press "Open in Browser" button at left bottom of the window and bookmark it.
Code-Floof
naqtn: yeah I saw that's there, the mere existence is what bothers me since it doesn't integrate well with the ui