We should not use example.com to check connectivity #4639

Closed
mook-as opened this issue May 9, 2023 · 5 comments · Fixed by #5972

@mook-as
Contributor

mook-as commented May 9, 2023

Actual Behavior

Currently, when we do the connectivity check, we contact example.com and expect an HTTP response. We should use something that's designed for this sort of workload, rather than spamming connections to a (itself ill-advised) page meant for an example.

Steps to Reproduce

  1. Set up a (HTTP) proxy for Rancher Desktop
  2. Check the proxy logs and notice a lot of connections for https://example.com.

Result

A connection to https://example.com every five seconds.

Expected Behavior

  • The host used should be something designed for a connectivity check
  • If the connection was up 5 seconds ago, we should consider slowing down the check frequency.

Additional Information

await fetch('https://example.com/', { signal: controller.signal });

Rancher Desktop Version

1.7.0-1270-g9b8bdee9

Rancher Desktop K8s Version

N/A

Which container engine are you using?

containerd (nerdctl)

What operating system are you using?

Windows

Operating System / Build Version

Windows 10 Pro 22H2 (Build 19045.2846)

What CPU architecture are you using?

x64

Linux only: what package format did you use to install Rancher Desktop?

None

Windows User Only

N/A

mook-as added the good first issue, kind/quality and area/diagnostics labels May 9, 2023
@HillLiu

HillLiu commented May 12, 2023

Yes, I found the same thing and I'm curious if there are any security issues with it?

@mook-as
Contributor Author

mook-as commented May 12, 2023

Nah, we're using that to check if we're online (and discard the results), so even if you manage to intercept the traffic it won't do much. (And in that case you'd need to be able to generate a certificate that works, which implies you can intercept more interesting hosts…)

@flamein

flamein commented Oct 7, 2023

This practice is triggering my Firewall because example.com is returning something unexpected from its IP address which is on several blacklists. Is there really no other way to determine if the internet is reachable?

For instance, you could use the same address that is used to check for updates if you must... at least that would be something expected.

jandubois added this to the 1.12 milestone Oct 8, 2023
gunamata removed this from the 1.12 milestone Oct 30, 2023
@rkettelerij

rkettelerij commented Nov 14, 2023

example.com might just be the worst host to check for internet connectivity. The whole point of example.com/net/org is to be used as an example host in documentation, without the need to resolve to anything! Currently it doesn't resolve and Rancher is spamming the logs. Also, since it's meant to be used for documentation purposes, you could even consider it an error when requests are actually taking place to such a domain.

Why not change it to rancherdesktop.io or a file in an S3 bucket (the world has bigger problems when S3 goes down)? Happy to provide a PR if you wish.

@jandubois
Member

I've decided to use http://docs.rancherdesktop.io/. The URL is already used by help menus and buttons, so should ideally be already allowed in firewall and proxy rules. I didn't want to use the update checker URL because somebody might want to block it, to be extra-sure that the app doesn't auto-update.

Also just pulling the HTTP redirect response and not the whole webpage.
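
Added example (not part of the thread and not Rancher Desktop's code): a sketch of the two changes the issue asks for, a probe that reads only the redirect response from the URL chosen above and a check interval that slows down while the connection stays up. The HEAD method, the timeout, the backoff ceiling and all function names are assumptions.

```javascript
// Added example; not Rancher Desktop's code. Constants and names are assumptions.
const CHECK_URL = 'http://docs.rancherdesktop.io/'; // URL chosen in the thread
const MIN_DELAY_MS = 5000;   // the five-second interval reported in the issue
const MAX_DELAY_MS = 300000; // assumed ceiling while the link stays up
const TIMEOUT_MS = 5000;     // assumed per-probe timeout

// One probe: a HEAD request that does not follow the redirect, so only the
// response headers cross the wire. Any HTTP response counts as "online";
// the response itself is discarded.
async function probe(fetchImpl = fetch, url = CHECK_URL) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
  try {
    await fetchImpl(url, {
      method: 'HEAD', redirect: 'manual', signal: controller.signal,
    });
    return true;
  } catch {
    return false; // DNS failure, refused connection, proxy error or timeout
  } finally {
    clearTimeout(timer);
  }
}

// Double the wait after every success; drop back to the fast interval on
// failure so an outage and the recovery from it are both noticed quickly.
function nextDelay(prevDelay, online) {
  if (!online) return MIN_DELAY_MS;
  return Math.min(Math.max(prevDelay, MIN_DELAY_MS) * 2, MAX_DELAY_MS);
}

// Delays (ms) that follow a sequence of probe outcomes, starting from the
// fast interval. Pure function, useful for checking the schedule.
function scheduleFor(outcomes) {
  let delay = MIN_DELAY_MS;
  return outcomes.map((online) => (delay = nextDelay(delay, online)));
}

// Long-running loop; stop it by aborting `stopSignal`.
async function monitor(onChange, stopSignal, fetchImpl = fetch) {
  let delay = MIN_DELAY_MS;
  let last;
  while (!stopSignal.aborted) {
    const online = await probe(fetchImpl);
    if (online !== last) onChange(last = online);
    delay = nextDelay(delay, online);
    await new Promise((resolve) => setTimeout(resolve, delay));
  }
}
```

With these constants a healthy connection is probed after 10 s, 20 s, 40 s and so on up to once every five minutes, instead of every five seconds.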
