Hey.

When I share a file, it display e.g.
http://192.168.0.1:9999/

And there is a small hint about "it always works with a non blocked IPv6"...
There's also the change IP address button, which shows the devices addresses and kinda implies it would only listen on the selected address.

However, even when I have e.g. http://192.168.0.1:9999/ selected, the file is still accessible via e.g. a globally scoped IPv6 address (which, depending on the firewall) may then really be accessible globally.

Can't you accept requests only from the selected IP address/port?
Perhaps you could add the wildcard interfaces 0.0.0.0 and :: as an option to bind to any address when the user really wants.

Cheers,
Chris.

Trying to share and selecting shareviahttpcauses shareviahttp to crash with following logcat:

FATAL EXCEPTION: main
Process: com.MarcosDiez.shareviahttp, PID: 28113
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.MarcosDiez.shareviahttp/com.MarcosDiez.shareviahttp.activities.SendFileActivity}: java.lang.ClassCastException: android.text.SpannableString cannot be cast to java.lang.String
	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:4060)
	at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:4247)
	at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:91)
	at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:149)
	at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:103)
	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2613)
	at android.os.Handler.dispatchMessage(Handler.java:110)
	at android.os.Looper.loop(Looper.java:219)
	at android.app.ActivityThread.main(ActivityThread.java:8668)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:513)
	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1109)
Caused by: java.lang.ClassCastException: android.text.SpannableString cannot be cast to java.lang.String
	at com.MarcosDiez.shareviahttp.activities.SendFileActivity.getFileUris(SendFileActivity.java:137)
	at com.MarcosDiez.shareviahttp.activities.SendFileActivity.onCreate(SendFileActivity.java:57)
	at android.app.Activity.performCreate(Activity.java:8214)
	at android.app.Activity.performCreate(Activity.java:8202)
	at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1320)
	at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:4033)
	... 11 more

(found via https://codeberg.org/pstorch/F-Droid_Build_Status/issues/120)

possible duplicate of #17 ?

When installing, it asks me for permission to read contacts. I don't want to expose my contacts. So, is it possible to make this permission on demand? Thank you.

When I have an application e.g. the gallery and select files... and then click on share,... it shows me "Share via HTTP"...
But it's already long clear, that I'm sharing, since I clicked the share button... ;-)

So perhaps just call the registered target for the share operation:
"HTTP/S"... or "HTTP/S Server" or so.

Everything is in the title, it will be a perfect addition, thank you for this great work !

It would be nice if the app could encrypt the connection. Transferring files via unencrypted corrections is irresponsible.
It could even easily user self signed certificates when the fingerprint of the cert is submitted via the QR code.

Thank you for this wonderful app. I have just found it on F-droid. What about an option for "HTTPS-only mode" with a self-signed certificate, to hide the file and the handshake (User-Agent) to passive listeners?

It is ineffective against active or targeted attacks, which I assume not to be an issue anyway, for a user of this very simple app. So I'd not care to check the fingerprint. But the encryption still rules out a class of attacks.

When pressing the stop server button there is no permanent feedback that the server has been disabled, only a brief popup. It would make sense to have the "stop server" button become a "start server" button after it has been pressed.

When we pick a file and create download link , where is the files are actually stored / uploaded ?

This is a great app! Unfortunately, as it is documented in the app's description, it will not work across NATs, which are getting increasingly common and hard to workaround.

I know of two ways to work around that. The first one is obviously the Tor project, by setting up a hidden service and sharing that URL. I know, I know, that's quite an ordeal to setup, but there is orbot that may make that easier. This is, by the way, basically how onionshare works.

The other way around is pagekite and may be even more involved, as you need to talk to a third party server... and is obviously less secure.

Could those options be implemented in shareviahttp?

Thanks!

If the response from the server included a Content-Length header indicating the size of the incoming file then browsers could display proper progress bar/ETA.
Mostly a QoL improvement but seems like it could be pretty simple to implement.

Hi @marcosdiez

I found this app on the Google Play Store. This guy just took your source code, added some ads in it and put it on the Store, without warning this is free software...

As you are the owner of the source code, feel free to open a request to google here to remove the false app from the Store, if it's your wish ;)

Don't forget to tell Google that:

• The app is licensed under BSD license and this guy is violating it;
• He is falsely claiming he made the app;
• Provide some screenshots of your own app and a link to it.

I have completed the translation of your application into es (Spanish). Here is the xml:

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">Compartir por HTTP</string>

    <string name="standard_url">http://127.0.0.1/</string>



	<string name="technical_info">Restricciones técnicas: Con WiFi funcionará siempre. Fuera, dependerá de firewalls, NAT, etc. Una dirección IPv6 no bloqueada debería funcionar en cualquier lugar.</string>
    <string name="barcode_scanner_msg">Además, si instalas la aplicación <a href=\"http://market.android.com/details?id=com.google.zxing.client.android\" >Barcode Scanner</a>, esta URL pueder sen enviada como un código de barras también.</string>

    <string name="rate_app">Puntuar esta App</string>
    <string name="button_qrcode">Crear código QR</string>
    <string name="change_ip">Cambiar IP</string>
    <string name="share_containing_folder">Campatir la carpeta que contiene el archivo</string>
    <string name="share_url">Compartir URL</string>
    <string name="stop_server">Parar servidor</string>


    <string name="now_sharing_anymore">El archivo no está siendo compartido más.</string>



    <string name="alert_dialog_ok">OK</string>
    <string name="alert_dialog_cancel">Cancelar</string>
    <string name="qr_code_not_available">Aplicación de códigos QR no disponible</string>
    <string name="url_clipboard">La URL de ha copiado al portapapeles.</string>
    <string name="privacy_policy">Política de privacidad</string>

</resources>

Translation made with Stringlate.

using shareviahttp in wlan requires two manual clicks to change the ip adress of the webserver.
it would be nice, if local ip gets selected automatically when device is connected to wlan.
in a prior version this was the case.
if it isn't practical anymore, perhaps an option for "preferred ip adress type" or similar could be added.

When I try to tranfer data with "Share via HTTP", I cannot establish HTTP connection.
So it looks like this:

$ wget http://192.168.9.111:9999/
--2019-01-11 19:37:43--  http://192.168.9.111:9999/
Connecting to 192.168.9.111:9999... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

and this:

$ telnet 192.168.9.111 9999
Trying 192.168.9.111...
Connected to 192.168.9.111.
Escape character is '^]'.
Connection closed by foreign host.

No file transfer takes place, of course. So the mobile phone accepts connection, and then terminates it.
I'm attaching tcpdump PCAP file for even more details.

That happens on Redmi note 6 pro, running android 8.1.0 (MIUI 10.0.5.0) with latest "Share via HTTP" v.2.0.8 from f-droid. I've disabled power saving for the app and permissions look ok.

When I try the same thing on same network using LG G3 running LineageOS 14.1 (Android 7.1.2), it works just fine. Any idea what may be the problem?

Consider closing the http server as soon as someone navigates away from the app

I have shared the link to my freinds. But the link is not opening. On both data and wifi the link is not opening.

Hey.

For security reasons I think, it would be wise to make a (configurable) connection timeout.
E.g. "if no client starts downloading in 2 minutes after the server started. Stop the server.

Cheers,
Chris.

The change IP screen always shows the radio button of the first option checked regardless of which IP configuration is current.

Works perfect, thank you

Let the user configure which port he wants to get the files served under.

Cheers,
Chris.

Hi.

Really a wonderful app, something I've been looking for quite long (I hated all the non-open-source and bloated solutions).

I'll open a number of issues with ideas for improvement :-)

The app will allow any URL, when accessing the http server.
E.g. not just:
http:/192.168.0.1:9999/
but also
http:/192.168.0.1:9999/foobar

Not really an immediate problem but still I'd feel better if it wouldn't allow that (one could think of attackers somehow trying to get access to non served files e.g. http:/192.168.0.1:9999/../../etc/passwd or so ;-)

Cheers,
Chris.

//package name: com.MarcosDiez.shareviahttp
//version: 2.0.5
//target sdk version: android-18
android.content.ActivityNotFoundException: No Activity found to handle Intent { act=android.intent.action.VIEW dat=market://details?id=com.MarcosDiez.shareviahttp }
at android.app.Instrumentation.checkStartActivityResult(Instrumentation.java:1632)
at android.app.Instrumentation.execStartActivity(Instrumentation.java:1424)
at android.app.Activity.startActivityForResult(Activity.java:3390)
at android.support.v4.app.BaseFragmentActivityJB.startActivityForResult(BaseFragmentActivityJB.java:50)
at android.support.v4.app.FragmentActivity.startActivityForResult(FragmentActivity.java:79)
at android.app.Activity.startActivityForResult(Activity.java:3351)
at android.support.v4.app.FragmentActivity.startActivityForResult(FragmentActivity.java:859)
at android.app.Activity.startActivity(Activity.java:3587)
at android.app.Activity.startActivity(Activity.java:3555)
at com.MarcosDiez.shareviahttp.activities.BaseActivity.rate_this_app(BaseActivity.java:216)
at com.MarcosDiez.shareviahttp.activities.BaseActivity.onOptionsItemSelected(BaseActivity.java:202)
at android.app.Activity.onMenuItemSelected(Activity.java:2566)
at android.support.v4.app.FragmentActivity.onMenuItemSelected(FragmentActivity.java:408)
at android.support.v7.app.AppCompatActivity.onMenuItemSelected(AppCompatActivity.java:195)
at android.support.v7.view.WindowCallbackWrapper.onMenuItemSelected(WindowCallbackWrapper.java:113)
at android.support.v7.view.WindowCallbackWrapper.onMenuItemSelected(WindowCallbackWrapper.java:113)
at android.support.v7.app.ToolbarActionBar$2.onMenuItemClick(ToolbarActionBar.java:69)
at android.support.v7.widget.Toolbar$1.onMenuItemClick(Toolbar.java:206)
at android.support.v7.widget.ActionMenuView$MenuBuilderCallback.onMenuItemSelected(ActionMenuView.java:776)
at android.support.v7.view.menu.MenuBuilder.dispatchMenuItemSelected(MenuBuilder.java:822)
at android.support.v7.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:156)
at android.support.v7.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:969)
at android.support.v7.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:959)
at android.support.v7.widget.ActionMenuView.invokeItem(ActionMenuView.java:623)
at android.support.v7.view.menu.ActionMenuItemView.onClick(ActionMenuItemView.java:154)
at android.view.View.performClick(View.java:4240)
at android.view.View$PerformClick.run(View.java:17721)
at android.os.Handler.handleCallback(Handler.java:730)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:5103)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:525)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:737)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
at dalvik.system.NativeStart.main(Native Method)

The newest version on F-Droid is 2.0.8 since 2.0.9 couldn't be build because Google Maven repo wasn't added to build.gradle.

Also ver. 2.0.10 isn't tagged so it didn't get add to the metadata file.

Can we please get ver. 2.0.10 on F-Droid?

issue on F-Droid Data tracker

Everything is in the title, it will be a perfect addition, thank you for this great work !

Is it common that my download speed is almost 1MB/s? My Internet speed is sometimes faster with the same wi-fi modem. Is problem with me or with the app?

When sharing plain text without attachments using "Share via HTTP", it crashes.

It will be more easy if the app automatically turn OFF connected wifi/mobile data connection and turn ON mobile hotspot after we pick a file for transfer. Like other apps shareit , super beam etc

UI request

in the window listing all files being available to download, it would be nice to have

• the size of the files being transferred (next to each file)
• the total size (sum of previous values)
• the size of the zipped archive.

HTTP header request

• add the size of the download so that the browser (or client in general) can compute estimation

details

I know that the zip archive is created on the fly and so it is impossible to know the size before, but maybe is it a possible solution to spawn a thread that create the zip on the fly (without storing it) just to compute the size?

This makes especially sense in combination with #34 and when one allows to disable http (i.e. non-TLS access) completely:

Support HTTP basic auth,... with TLS that would give proper access control to the shared files, so no eavesdroppers on the WiFi can access the files.

That would include:

• allow users to configure a general default password OR allow them to choose that the app creates a new one for each share
• allow the user to change/set the password per share (in the main view)
• allow the user to click somewhere in the main view, to let the password be shown it in (per default it shouln't be displayed)

Cheers,
Chris.

Since redirect header Location: does not begin with protocol:// (like https://), it is assumed to be local file (with relative path in current directory) residing on same web server (your mobile phone). The result is that your web browser enters infinite redirect loop...

version is 2.0.8 from f-droid (latest, as newer ones cannot be built due to #56)

for example, sharing URL from mobile phone web browser results is:

--2021-03-10 12:01:08--  http://192.168.0.172:9999/
Connecting to 192.168.0.172:9999... connected.
HTTP request sent, awaiting response...
  HTTP/1.0 302 Moved Temporarily
  Date: Wed, 10 Mar 2021 12:01:10 GMT+01:00
  Connection: close
  Server: ShareViaHttp 2.0.8
  Location: https%3A%2F%2Fwww.bloomberg.com%2Fgraphics%2Fcovid-vaccine-tracker-global-distribution%2F%23global-time-series-rates
  Expires: Tue, 03 Jul 2001 06:00:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, max-age=0
  Cache-Control: post-check=0, pre-check=0
  Pragma: no-cache
Location: https%3A%2F%2Fwww.bloomberg.com%2Fgraphics%2Fcovid-vaccine-tracker-global-distribution%2F%23global-time-series-rates [following]
--2021-03-10 12:01:08--  http://192.168.0.172:9999/https%3A%2F%2Fwww.bloomberg.com%2Fgraphics%2Fcovid-vaccine-tracker-global-distribution%2F%23global-time-series-rates
Connecting to 192.168.0.172:9999... connected.
HTTP request sent, awaiting response...
  HTTP/1.0 302 Moved Temporarily
  Date: Wed, 10 Mar 2021 12:01:10 GMT+01:00
  Connection: close
  Server: ShareViaHttp 2.0.8
  Location: https%3A%2F%2Fwww.bloomberg.com%2Fgraphics%2Fcovid-vaccine-tracker-global-distribution%2F%23global-time-series-rates
  Expires: Tue, 03 Jul 2001 06:00:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate, max-age=0
  Cache-Control: post-check=0, pre-check=0
  Pragma: no-cache

[...]

Select some text with Emojis (:smile:, etc.) -> Share -> Share via HTTP

Access from other device (Firefox 59 here) -> Emojis are displayed as ?.

Hey.

When I e.g. share a single image at some path in the phone... then comes the main view of the app with the "share folder" button.
When I click that it goes from e.g.
file:///storage/emulated/0/DCIM/foo.jpg
to
file:///storage/emulated/0/DCIM/

When I click it again, it's already at:
file:///storage/emulated/0
and so on, always going one level up.

So IMO that button is a bit dangerous... as one easily shares (and zips) huge amounts of files.

Perhaps one should rather require the user to really select all these folders via some "file explorer" app and have them sent/shared to/via your app?

btw: The most recent URI RFCs allow the use of
file:/path/to/file
It's no longer necessary (though still allowed,... to do the triple-/)

I have created a shareable link and accidentally or not I have pressed the back button or home button of the phone , now the app is closed / minimized. Then I need to stop the server , so I have reponed the app but there is no option to stop the server .

So we need a solution for this issue.

Include a Changelog Link, within the F-Droid App', on Info' Page. Not present, as of: 2.0.3.

Hey.

In the mainview, there's the "stop server" button... however, there is no indication in the window, whether the server runs or not.

Perhaps, when clicking stop server, the app should simply close?

Cheers,
Chris.

On my phone, the wifi is disconnected after the display is off which is 1 minute after the last touch.
So, it would be nice if ShareViaHttp can keep the display on with a low brightness as long as it is in the foreground.

When the app is opened, only the 'PICK FILES' button is shown.
That would be great to also have a 'Share text from clipboard' button.

If you're sharing a single file, it would be nice if the filename was included in the HTTP response headers, so that things weren't saved as index.html. Content-disposition header is the one

Currently shareviahttp use Snackbar. This lib is deprecated because androids "new" design lib brings it's own Snackbar.

So, replaced MrEngineer13 Snackbar with the design Snackbar.

Like descripted in this todo we should made a QR code online and show it on its own activity.

I am completely new to this stuff. And I am wondering how hard it would be to add Dark Mode to this app?

Dear developers,

We have recently developed a state-of-the-art static analysis tool for uncovering API compatibility issues in Android apps. Applying this tool to open source apps on F-droid, we have exposed a few instances of compatibility issues and submitting them to development teams for a fix.

For your app, we have found that this project has accessed the following APIs which are available only on an API level higher than the declared minSdkVersion and which are accessed without proper protection. In other words, if those APIs get called at runtime, it will trigger a NoSuchMethodError and thus result in a crash of the running application.

<android.content.Intent: android.content.ClipData getClipData()>:[16,25]

Note that, because of the nature of the static analysis, we cannot confirm whether the flagged APIs would actually be called at runtime (e.g., unreachable code). However, we still believe that those APIs, which may cause compatibility issues, should not be accessed or at least be accessed with proper protections.

In addition to the aforementioned APIs (i.e., backward-compatibility), which could cause app crashes if accessed, we have also identified that this project has also accessed some APIs that have been removed from the latest public SDK, making the app possibly suffer from forward-compatibility issues.

NONE

We would be very much appreciated if you can acknowledge to us that those reported APIs are indeed problematic for the project’s long-term stability. please let us know if you need any more information relating to this issue report.

Dear contributors,

would you be willing to fill in a short 5-10 min survey (https://forms.gle/F3YwtLVKtk47yVhC9) about energy-efficient mobile development practices in the context of my master thesis? It's about raising awareness of software energy practices and about introducing a new open-source tool for helping in that regard. Your input would be greatly appreciated. Thanks a lot!

Ricardo Morais.

Hello, what about showing the MD5 checksum in the app?

Would be nice if the server supports TLS.

This would include things like:

• a further port setting for TLS
• allowing the user to disable either http or https (e.g. to have only https allowed)
• creating per default a self signed x.509 cert... for the server
• allowing the user to upload his own cert/key
• during the share view, show the certs fingerprint and DN in the main view (so that users can check)
• also show (generally) whether files are served via http, https or both

Currently, when you serve multiple files, you do so as ZIP.

This has typically the disadvantage that files must be actually ZIPped... so at least this should happen with the worst compression level...

An alternative could be tar... with that it should be possible to stream the multi file archive.