Wp-calypso: Site Settings: Redirect logged-out Calypso links to site

I just came across this issue in 105170-h. Someone was sent a link in the format https://wordpress.com/post/theirsite.wordpress.com/2712 and was confused because they couldn't access the post/site.

I see these kinds of links every few days on the forums and on Twitter, and these are just the folks who have noticed their links don't work and are asking for help.

Here's an example thread:
https://twitter.com/TheNinja67/status/830113159897870336

I'm not logging all of these, but here's another:
https://en.forums.wordpress.com/topic/permitting-people-to-read-my-blog-posts?replies=7

This issue has been marked as stale because it hasn't been updated in a while. It will be closed in a week.
If you would like it to remain open, can you please you comment below and see what you can do to get things moving with this issue?
Thanks! 🙏

Hello, I was away when this auto closed. Re-opening, because I still see this _regularly_, both in support and when helping people in the community. Especially since many of our full page previews or post views have calypso URLs instead of the site URL on them.

Have a look.
https://cloudup.com/ccoyDRF2OPO

The site owners are frustrated, and I can't say their friends they're giving these links out to would be terribly impressed with WordPress either. While I would consider this more of an enhancement than a bug, I am going to go ahead and add the bug tag since this would certainly seem buggy to our users and their friends.

also noting a few recent instances from our forums: Is WordPress down?, Link on FB doesn't work, Link Issues

Noting one here

I hadn’t blogged for a while; but yesterday I wrote one and published it. I sent out e-mails to my followers with the link to my blog. The just had to click on the site I provided. I have been hearing that if they tried to open it on their cell phones, they only got a blank page. So I tried it. If I tried to access my blog on my cell phone, I only got a blank page.

This person was also giving out a Calypso link. :(

https://en.forums.wordpress.com/topic/access-49/

One thing that other apps do like Instagram, LinkedIn is allow the logged-out view if there are no related cookies or user sessions in the browser. But, if there is something like that looks like the person is a WP.com user, we'd prompt them to log in and view the post in the WordPress.com Reader.

@apeatling This could be a good trial project or good for Calypso team on the next Hack Day.

Just noting another instance here, though we see this all the time :( https://reply.buffer.com/conversations/W3AZgZRDxQABb6_Z

Reposting from the previous comment on #25596. We had a similar inquiry come to us through Twitter. See here: https://twitter.com/davidtedu/status/1009068846546685955 cc @lizkarkoski

@lancewillett is there anywhere we can see when the next hack weeks are scheduled? Would be great to be able to suggest issues to tackle from Happiness end, for these problems that may be low hanging fruits but create certain volume of support requests.

@iamgabrielma Good question. We have a few internal lists: wpcomideas, Updates P2 HACK week threads, and of course Trac/GitHub and other project boards. For now keep pinging me with items like this and I'll keep track as well.

https://twitter.com/Acantizza/status/1055974497944301569

https://twitter.com/mikeandallie/status/1060649697696800768

An interesting case for front end editing :)

Another case here:
https://en.forums.wordpress.com/topic/lost-my-content-2/

Took a quick spin at this and the hardest part is validating the redirect. We cannot simply take the value from the URL and redirect to it as that would make us an open redirect.

We could validate most plain site addresses by asking the sites api for information about the site address. Validating whole page or post URLs may be trickier, but perhaps we could only validate the host and trust that the rest will be handled by the target site...

13754073-hc

@griffbrad Any interest in @Automattic/team-calypso looking at this during an upcoming HACK week? It's a frequently requested item. (Internal link: https://wp.me/pKdGS-19c).

When opening a Calypso deep link that has a site slug, the user intent might be either:

1. actually visit the exact page the link points to, maybe having to login first
2. or visit the site

Visiting the site in case I'm logged out or if I'm logged in, but not member of the site, is hard: the flow doesn't support that.

At the same time, we want to continue supporting the "actually visit the deep linked Calypso page" flow, too.

In #34541, I created a proof of concept that:

1. After navigating to https://wordpress.com/customize/simpledream.wordpress.com, i.e., Customizer for a site that I'm not member of, offers visiting the foreign site on top of the existing site selector that displays only my sites:

1. After navigating to the same URL, but logged out, offers visiting the foreign site on top of the existing login page:

Note that the site slug (simpledream.wordpress.com or 281665) has a very loose relation to the actual site's URL (http://sensible.blog). Fortunately for us, the /rest/v1.2/sites/:site REST endpoint supports also public logged-out requests and returns all the info we need to make the link work: site's real URL, and also its name and icon.

What do folks think about this? The UI is certainly in need of some proper design, but conceptually it's a nice solution, isn't it? 😉