Comment by filleokus
6 years ago
If Universal Links was supported on macOS we could get the best of both worlds.
The web server basically presents meta-data in a JSON-file (in the .well-known directory) which Safari/iOS uses to launch the app if it is installed, and otherwise just renders the webpage [0].
The app contains information about which domains it allows itself to be opened from which would fix this issue.
[0]:https://developer.apple.com/library/archive/documentation/Ge...
Universal Links will be supported on macOS Catalina. Reference: https://developer.apple.com/videos/play/wwdc2019/717/
Universal Links are better than their localhost webserver insanity, but don't really solve this. A malicious website can still redirect you to a zoom.us URL that will instantly join the meeting without confirmation.
The underlying problem is that they want a URL to join a conference call hosted by any random user and share your audio/video without confirmation. And it's simply not safe to trigger that kind of action from a URL.
Yes, I agree that's the underlying problem. Regardless of how the URL is opened it shouldn't behave that way.
However, I do think that Universal Links doesn't work with redirects, consider: https://bit.ly/30oxOdO vs https://twitter.com/ycombinator (tap using Safari on iOS with Twitter installed).
EDIT: Turns out I was misinformed...