GNOME captive portal helper (was Re: F23 System Wide Change: Default Local DNS Resolver)
Paul Wouters
paul at nohats.ca
Mon Jun 15 19:07:34 UTC 2015
On Mon, 15 Jun 2015, Stephen John Smoogen wrote:
> Is the code on how ChromeOS or Android detects captivity part of the
> 'public' code? It seems to do a 'good' job in finding many captive
> portals so might be something to get an idea on how many weird ways
> things are out there.
I think everyone does it similarly. Apple, Google, etc.
You have a web server with a guarantee on no HTTP redirect. You expect
some specific content, typicall "OK" to be there in the proper mime
type. (usually text) If you get different text or a redirect or other
error (eg forbidden) then you assume you're in a captive portal.
Apple (foolishly) used to use something like http://apple.com/hotspot
on their main site itself, which meant that using a VPN on demand could
never protect apple.com because the iphone had to leave that domain out
of the vpn trigger list or else all hotspot detection would be broken. It
seems they have switched to captive.apple.com with returns "Success". It
has a TTL of 10 (after a CNAME redirect into Akamai) but it is missing
a AAAA record. Guess there aren't many ipv6 captive portals yet :P
Paul
More information about the devel
mailing list