PWA Support For Web App

[mintdotco]

I think Progressive Web App Support would be nice for the web app. Especially for iOS device as it would make casting way easier than having to type in the full URL every time

[iBicha]

Yes, this is something that has been on my mind for a while now. I'll summarize some of the goals I wanted to achieve with this

• Installable: so it can be launched easily
• Offline: If Playlet is not on, the web server is also not on, and the web app is then unavailable. It would be nice if the web app is available even if Playlet is not on, and is able to launch the TV app from phone
• Web Share Target API: Use the official Youtube app (or any alternative app like NewPipe) to cast to Playlet, by using the share dialog.

These were all related goals that got limited by one thing: the PWA need to be served over HTTPS for the Service Workers to work. This is unfortunately easier said than done, since Roku does not have the OpenSSL library to hook things up with the web server. This means the security layer for HTTP needs to be written from scratch (perhaps using some of the crypto related functionality like ifDsa and ifRsa - if these are even sufficient) so it's no easy feat, as I don't know enough about the topic.

To sum up, the options to achieve this are:

1. Serve the web app from Roku over HTTPS
   • Not simple - or at least I need to educate myself about the inner workings of HTTPS and OpenSSL (handshake, encryption, etc)
2. Serve the web app from a hosted endpoint over HTTPS
   • The web app will still need to talk to Roku over unsecure HTTP, which will lead to Mixed Content Security Policy errors
3. Use a native mobile app that can be installed
   • Did a prototype using NativeScript Poc/nativescript #118 which allowed me to cast a video
4. Use a locally self-hosted app (containerized using Docker) that is capable of talking to the unsecure Playlet server
   • This could also solve it, but requires setup and would be a blocker for non-tech savy people (or anyone who do not which to maintain this kind of setup)

These are all the options I can think of, but I'm open to other ideas on how to achieve this

[iBicha]

I'm considering exploring how to use chrome://flags/#unsafely-treat-insecure-origin-as-secure on Chrome and devtools.serviceWorkers.testing.enabled on Firefox to achieve this. This could allow the browser to treat http as https, thus enabling service workers, offline support and web share target api.
Although these are dev options and not designed for end user, but they could unlock legitimate features.

[iBicha]

I'm fairly convinced that this will be hard to achieve. Even with the insecure flags (that I'm betting most people will not want to enable).
Since now there's support to cast from YouTube, it makes casting less painful.
I'll close the issue for now until there's further development or new novel approaches to solve this