7
5
Fork
You've already forked apple
1

Local callback to 127.0.0.1 after approval fails in Safari if "warn before connecting to a website over HTTP" is enabled. #538

Closed
opened 2025年09月11日 14:00:24 +02:00 by Lukas-UAUX · 10 comments

Hi, after we got a message from one of our members that he can not login into eduVPN on macOS we found out that the setting "warn before connecting to a website over HTTP" in Safari blocks the calback back to the eduVPN app after the approval.

Probably unintentional because as the name implies it should only warn and not block it but alas it still does. As I don't think the user enabled this option himself maybe is apple testing some new defaults?

Just noting it here in case someone other stumbles across the same problem...

Hi, after we got a message from one of our members that he can not login into eduVPN on macOS we found out that the setting "warn before connecting to a website over HTTP" in Safari blocks the calback back to the eduVPN app after the approval. Probably unintentional because as the name implies it should only warn and not block it but alas it still does. As I don't think the user enabled this option himself maybe is apple testing some new defaults? Just noting it here in case someone other stumbles across the same problem...

Thanks for the heads-up! I did hear about this issue before some (削除) years (削除ここまで) months ago, seems like a (long standing) Apple bug in that case. Obviously localhost should be excluded from their warning/block.

Thanks for the heads-up! I did hear about this issue before some ~years~ months ago, seems like a (long standing) Apple bug in that case. Obviously `localhost` should be excluded from their warning/block.

We have seen this before in January. This is actually two bugs in safari I guess. localhost should be excluded and in practice it's not a warning but it completely fails to load

We have seen this before in January. This is actually *two* bugs in safari I guess. `localhost` should be excluded and in practice it's not a warning but it completely fails to load

in my testing, lockdown mode doesn't influence this setting

in my testing, lockdown mode doesn't influence this setting

what lockdown mode?

what lockdown mode?

Here: image

Here: ![image](/attachments/75e2b301-27d7-4e61-9750-3d90323d150a)
232 KiB

Ah okay never heard of it - just to be sure that this isn't a mixup - I meant the setting in Safari itself.

Ah okay never heard of it - just to be sure that this isn't a mixup - I meant the setting in Safari itself.

@Lukas-UAUX wrote in #538 (comment):

Ah okay never heard of it - just to be sure that this isn't a mixup - I meant the setting in Safari itself.

Not a mixup, was just testing if lockdown mode influences that setting. Because for me it was off (the setting in safari) by default

@Lukas-UAUX wrote in https://codeberg.org/eduVPN/apple/issues/538#issuecomment-7120468: > Ah okay never heard of it - just to be sure that this isn't a mixup - I meant the setting in Safari itself. Not a mixup, was just testing if lockdown mode influences that setting. Because for me it was off (the setting in safari) by default
Collaborator
Copy link

We'll be adopting ASWebAuthenticationSession in the near future (#555), and there we will not be using the localhost server then. Will close this issue once we have a release with that change.

We'll be adopting ASWebAuthenticationSession in the near future (#555), and there we will not be using the localhost server then. Will close this issue once we have a release with that change.

This can be closed and we can track this in #555?

This can be closed and we can track this in #555?
Collaborator
Copy link

We no longer connect to 127.0.0.1 after #555.

We no longer connect to 127.0.0.1 after #555.
Sign in to join this conversation.
No Branch/Tag specified
master
use_common_api
issue_eduvpn_apple_527
developer_id_distribution
internal-3.0.4-i
debug/debug_block_local
bugfix/376
feature/tests
bump-versions
experimental
fix-swiftlint-warnings
redesign
mergetest
feature/289
use-gplv3-with-app-store-exception
release/2.1.7
tunnelkit_keep_tunnel_when_network_is_down
feature/254
feature/includeall
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.1
4.1.0
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.1.0
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.9
2.1.7
release/lets-connect-2.1.7-mac
release/lets-connect-2.1.7-ios
ios/v.2.0.1
ios/v2.0.2
ios/v2.0.3
ios/v2.0.4
ios/v2.1.1
mac/v2.1.1
v2.0.4
v2.0.2
v2.0.3
v2.0.0
v2.0.1
v1.0.0
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
4 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
eduVPN/apple#538
Reference in a new issue
eduVPN/apple
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?