TypeError: window.applicationCache is undefined

Bug #1737642 reported by Alan Aversa on 2017-12-11
This bug affects 2 people
Affects Status Importance Assigned to Milestone

Bug Description

When accessing http://localhost:8181/calibre served by calibre-server 3.13, I get this error in Firefox 57:

TypeError: window.applicationCache is undefined calibre:26008:13
<anonymous> http://localhost:8181/calibre:26008:13
<anonymous> http://localhost:8181/calibre:25953:6
<anonymous> http://localhost:8181/calibre:240:2

That indicates your firefox is missing the application cache
functionality. Either you have turned it off in the settings, or
installed an extension that does so or your firefox profile is
corrupted. Try using a fresh profile.

 status invalid

Changed in calibre:
status: New → Invalid
Alan Aversa (aversa) wrote :

It looks like AppCache has been deprecated since Firefox 44 (https://www.fxsitecompat.com/en-CA/docs/2016/application-cache-support-will-be-removed/ ) and that it has now been completely removed from FireFox.

Alan Aversa (aversa) wrote :

From here: https://developer.mozilla.org/en-US/docs/Web/HTML/Using_the_application_cache :

This feature has been removed from the Web standards. Though some browsers may still support it, it is in the process of being dropped. Avoid using it and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

Using the application caching feature described here is at this point highly discouraged; it’s in the process of being removed from the Web platform. Use Service Workers instead. In fact as of Firefox 44, when AppCache is used to provide offline support for a page a warning message is now displayed in the console advising developers to use Service workers instead (bug 1204581).

Kovid Goyal (kovid) wrote :

No appcache has not been removed. And service workers cannot substitute
for it since the browsers dont allow it over non-http connections.

Kovid Goyal (kovid) wrote :

I just tried it in Firefox 57.0.2 and it worked application cache is enabled and I get a warning about it being deprecated int he console.

Alan Aversa (aversa) wrote :

You're right; I had a bad profile that needed cleaning. It works in FireFox 57.0 for me, too.

Kerm Martian (kermmartian) wrote :

As of Firefox 62, the App Cache has been disabled for insecure sites, so this is now on the more urgent side:


Kovid Goyal (kovid) wrote :

I'm not sure what I can do about that. The server already supports https certificates, so if you want to use it with firefox you will need to setup https. Browser makers seem determined to do all in their power to destroy the de-centralised web using "security" as a fig leaf.

There is apparently now no way to have offline enabled applications over http in Firefox. Which means anyone that wants to run their own server now has to jump through the hoops to get https certificates, which makes running your own server even harder for the non-technical. I assume browser makers want a world where servers and websites are run only by centralised corporations -- what a sad day for the internet.

Kovid Goyal (kovid) wrote :

I have changed the server to simply disable offline access when app cache is not available instead of failing. https://github.com/kovidgoyal/calibre/commit/d703d0ec56d6a779b8c3bab84d61086868e2a4a3

Well, it's not impossible. Seems you can just manually set the following
preference in the about:config page:

browser.cache.offline.insecure.enable = true

(It's a pity this still tries to "protect" you from malicious wifi
attackers on the private network blocks like or 192.168.*.*
which are, um, unlikely to be used at all except on fully trusted networks.)

More generally, I can't really get upset about their logic for making
this not available by default. Maybe this is a good opportunity to
provide easily accessible instructions for enabling HTTPS and guiding
the user along the process of importing their own self-signed
certificate into their browser's trust store.

This could probably be automated, since there's already a certgen plugin
that seems to be used just to test the server's HTTPS support. You could
offer a button to generate and use a new SSL certificate, then open the
public component in a file browser and link to general browser
documentation for trusting a new SSL certificate.

Kovid Goyal (kovid) wrote :

It cannot be automated, for automation to work (via Lets Encrypt), the server has to run on port 80, which gets blocked by default on linux and is often blocked by antivirus/firewall on window. And I'm sorry but, hand waving and saying that "you just have to provide instructions to enable HTTPS" is not an acceptable answer. I know of no instructions a technically illiterate person can follow to enable HTTPs certificates for a server they are running on their home desktop that is likely to work in even a significant minority of cases, given that most home computers dont even have assigned domain names. If I'm wrong, I eagerly await a link pointing to such instructions.

Eli Schwartz (eschwartz) wrote :

> It cannot be automated, for automation to work (via Lets Encrypt), the
> server has to run on port 80, which gets blocked by default on linux and
> is often blocked by antivirus/firewall on window.
Self-signed != signed by letsencrypt.

It should be possible to generate the necessary bits automatically and
just ask the user what the url for the server is, then tell them to
"install this file in your browser, see this link for how to import a
new CA in Firefox".

Or even "for advanced mode, see this link for how to get your
certificate signed by letsencrypt".

Kovid Goyal (kovid) wrote :

And how is the user going to do that on a modile device? As far as I know you cannot install CA certs without rooting most devices.

Chris Routh (routhinator) wrote :

From the latest Chromium:

[Deprecation] Application Cache was previously restricted to secure origins only from M70 on but now secure origin use is deprecated and will be removed in M82. Please shift your use case over to Service Workers.

This doesn't work on http or https on any modern browser now.

Kovid Goyal (kovid) wrote :

Yeah, not a surprise. As I said earlier I have already changed the server to simply ignore the failure of appcache. So this doesn't affect anything. I might look into adding support for service workers when the server is running over https someday, but given that they are significantly more complex and only useful with https, my motivation is not high, patches are welcome.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers