Web view with web3.site support (#4313)

* Web-domain based routing

* Support base32-encoded urls

* Proper support for non-domain based routing

* Handling long domain names

* Switching to web3.site

* Encoding for *.web3.site urls

* Add DappUrlInput component

* Update Web views with store

* Update spec description

* Update spec description

* edited url does not allow in-place store edits

* Fixing dapps access on 127.0.0.1:8180

* Use /web/<hash> urls for iframe

* Redirecting to parity.web3.site

* Disabling the redirection

dapps/src/api/api.rs

@@ -123,6 +123,7 @@ impl server::Handler<net::HttpStream> for RestApiRouter {
 			return Next::write();
 		}
 
+		// TODO [ToDr] Consider using `path.app_params` instead
 		let url = extract_url(&request);
 		if url.is_none() {
 			// Just return 404 if we can't parse URL

dapps/src/apps/mod.rs

@@ -32,8 +32,8 @@ pub mod manifest;
 
 extern crate parity_ui;
 
-pub const HOME_PAGE: &'static str = "home";
-pub const DAPPS_DOMAIN: &'static str = ".parity";
+pub const HOME_PAGE: &'static str = "parity";
+pub const DAPPS_DOMAIN: &'static str = ".web3.site";
 pub const RPC_PATH: &'static str =  "rpc";
 pub const API_PATH: &'static str =  "api";
 pub const UTILS_PATH: &'static str =  "parity-utils";

dapps/src/endpoint.rs

@@ -22,6 +22,7 @@ use std::collections::BTreeMap;
 #[derive(Debug, PartialEq, Default, Clone)]
 pub struct EndpointPath {
 	pub app_id: String,
+	pub app_params: Vec<String>,
 	pub host: String,
 	pub port: u16,
 	pub using_dapps_domains: bool,

dapps/src/lib.rs

@@ -19,6 +19,7 @@
 #![warn(missing_docs)]
 #![cfg_attr(feature="nightly", plugin(clippy))]
 
+extern crate base32;
 extern crate hyper;
 extern crate time;
 extern crate url as url_lib;
@@ -91,11 +92,11 @@ impl<F> SyncStatus for F where F: Fn() -> bool + Send + Sync {
 /// Validates Web Proxy tokens
 pub trait WebProxyTokens: Send + Sync {
 	/// Should return true if token is a valid web proxy access token.
-	fn is_web_proxy_token_valid(&self, token: &String) -> bool;
+	fn is_web_proxy_token_valid(&self, token: &str) -> bool;
 }
 
 impl<F> WebProxyTokens for F where F: Fn(String) -> bool + Send + Sync {
-	fn is_web_proxy_token_valid(&self, token: &String) -> bool { self(token.to_owned()) }
+	fn is_web_proxy_token_valid(&self, token: &str) -> bool { self(token.to_owned()) }
 }
 
 /// Webapps HTTP+RPC server build.
@@ -409,6 +410,6 @@ mod util_tests {
 
 		// then
 		assert_eq!(none, Vec::<String>::new());
-		assert_eq!(some, vec!["http://home.parity".to_owned(), "http://127.0.0.1:18180".into()]);
+		assert_eq!(some, vec!["http://parity.web3.site".to_owned(), "http://127.0.0.1:18180".into()]);
 	}
 }

dapps/src/page/handler.rs

@@ -252,6 +252,7 @@ fn should_extract_path_with_appid() {
 		prefix: None,
 		path: EndpointPath {
 			app_id: "app".to_owned(),
+			app_params: vec![],
 			host: "".to_owned(),
 			port: 8080,
 			using_dapps_domains: true,

dapps/src/router/mod.rs

@@ -97,9 +97,7 @@ impl<A: Authorization + 'static> server::Handler<HttpStream> for Router<A> {
 				=>
 			{
 				trace!(target: "dapps", "Redirecting to correct web request: {:?}", referer_url);
-				// TODO [ToDr] Some nice util for this!
-				let using_domain = if referer.using_dapps_domains { 0 } else { 1 };
-				let len = cmp::min(referer_url.path.len(), using_domain + 3); // token + protocol + hostname
+				let len = cmp::min(referer_url.path.len(), 2); // /web/<encoded>/
 				let base = referer_url.path[..len].join("/");
 				let requested = url.map(|u| u.path.join("/")).unwrap_or_default();
 				Redirection::boxed(&format!("/{}/{}", base, requested))
@@ -262,20 +260,27 @@ fn extract_endpoint(url: &Option<Url>) -> (Option<EndpointPath>, SpecialEndpoint
 	match *url {
 		Some(ref url) => match url.host {
 			Host::Domain(ref domain) if domain.ends_with(DAPPS_DOMAIN) => {
-				let len = domain.len() - DAPPS_DOMAIN.len();
-				let id = domain[0..len].to_owned();
+				let id = &domain[0..(domain.len() - DAPPS_DOMAIN.len())];
+				let (id, params) = if let Some(split) = id.rfind('.') {
+					let (params, id) = id.split_at(split);
+					(id[1..].to_owned(), [params.to_owned()].into_iter().chain(&url.path).cloned().collect())
+				} else {
+					(id.to_owned(), url.path.clone())
+				};
 
 				(Some(EndpointPath {
 					app_id: id,
+					app_params: params,
 					host: domain.clone(),
 					port: url.port,
 					using_dapps_domains: true,
 				}), special_endpoint(url))
 			},
 			_ if url.path.len() > 1 => {
-				let id = url.path[0].clone();
+				let id = url.path[0].to_owned();
 				(Some(EndpointPath {
-					app_id: id.clone(),
+					app_id: id,
+					app_params: url.path[1..].to_vec(),
 					host: format!("{}", url.host),
 					port: url.port,
 					using_dapps_domains: false,
@@ -296,6 +301,7 @@ fn should_extract_endpoint() {
 		extract_endpoint(&Url::parse("http://localhost:8080/status/index.html").ok()),
 		(Some(EndpointPath {
 			app_id: "status".to_owned(),
+			app_params: vec!["index.html".to_owned()],
 			host: "localhost".to_owned(),
 			port: 8080,
 			using_dapps_domains: false,
@@ -307,6 +313,7 @@ fn should_extract_endpoint() {
 		extract_endpoint(&Url::parse("http://localhost:8080/rpc/").ok()),
 		(Some(EndpointPath {
 			app_id: "rpc".to_owned(),
+			app_params: vec!["".to_owned()],
 			host: "localhost".to_owned(),
 			port: 8080,
 			using_dapps_domains: false,
@@ -314,10 +321,11 @@ fn should_extract_endpoint() {
 	);
 
 	assert_eq!(
-		extract_endpoint(&Url::parse("http://my.status.parity/parity-utils/inject.js").ok()),
+		extract_endpoint(&Url::parse("http://my.status.web3.site/parity-utils/inject.js").ok()),
 		(Some(EndpointPath {
-			app_id: "my.status".to_owned(),
-			host: "my.status.parity".to_owned(),
+			app_id: "status".to_owned(),
+			app_params: vec!["my".to_owned(), "parity-utils".into(), "inject.js".into()],
+			host: "my.status.web3.site".to_owned(),
 			port: 80,
 			using_dapps_domains: true,
 		}), SpecialEndpoint::Utils)
@@ -325,10 +333,11 @@ fn should_extract_endpoint() {
 
 	// By Subdomain
 	assert_eq!(
-		extract_endpoint(&Url::parse("http://my.status.parity/test.html").ok()),
+		extract_endpoint(&Url::parse("http://status.web3.site/test.html").ok()),
 		(Some(EndpointPath {
-			app_id: "my.status".to_owned(),
-			host: "my.status.parity".to_owned(),
+			app_id: "status".to_owned(),
+			app_params: vec!["test.html".to_owned()],
+			host: "status.web3.site".to_owned(),
 			port: 80,
 			using_dapps_domains: true,
 		}), SpecialEndpoint::None)
@@ -336,10 +345,11 @@ fn should_extract_endpoint() {
 
 	// RPC by subdomain
 	assert_eq!(
-		extract_endpoint(&Url::parse("http://my.status.parity/rpc/").ok()),
+		extract_endpoint(&Url::parse("http://my.status.web3.site/rpc/").ok()),
 		(Some(EndpointPath {
-			app_id: "my.status".to_owned(),
-			host: "my.status.parity".to_owned(),
+			app_id: "status".to_owned(),
+			app_params: vec!["my".to_owned(), "rpc".into(), "".into()],
+			host: "my.status.web3.site".to_owned(),
 			port: 80,
 			using_dapps_domains: true,
 		}), SpecialEndpoint::Rpc)
@@ -347,10 +357,11 @@ fn should_extract_endpoint() {
 
 	// API by subdomain
 	assert_eq!(
-		extract_endpoint(&Url::parse("http://my.status.parity/api/").ok()),
+		extract_endpoint(&Url::parse("http://my.status.web3.site/api/").ok()),
 		(Some(EndpointPath {
-			app_id: "my.status".to_owned(),
-			host: "my.status.parity".to_owned(),
+			app_id: "status".to_owned(),
+			app_params: vec!["my".to_owned(), "api".into(), "".into()],
+			host: "my.status.web3.site".to_owned(),
 			port: 80,
 			using_dapps_domains: true,
 		}), SpecialEndpoint::Api)

dapps/src/tests/api.rs

@@ -143,7 +143,7 @@ fn should_return_signer_port_cors_headers_for_home_parity() {
 		"\
 			POST /api/ping HTTP/1.1\r\n\
 			Host: localhost:8080\r\n\
-			Origin: http://home.parity\r\n\
+			Origin: http://parity.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 			{}
@@ -153,8 +153,8 @@ fn should_return_signer_port_cors_headers_for_home_parity() {
 	// then
 	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
 	assert!(
-		response.headers_raw.contains("Access-Control-Allow-Origin: http://home.parity"),
-		"CORS header for home.parity missing: {:?}",
+		response.headers_raw.contains("Access-Control-Allow-Origin: http://parity.web3.site"),
+		"CORS header for parity.web3.site missing: {:?}",
 		response.headers
 	);
 }

dapps/src/tests/fetch.rs

@@ -31,7 +31,7 @@ fn should_resolve_dapp() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: 1472a9e190620cdf6b31f383373e45efcfe869a820c91f9ccd7eb9fb45e4985d.parity\r\n\
+			Host: 1472a9e190620cdf6b31f383373e45efcfe869a820c91f9ccd7eb9fb45e4985d.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -52,7 +52,7 @@ fn should_return_503_when_syncing_but_should_make_the_calls() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: 1472a9e190620cdf6b31f383373e45efcfe869a820c91f9ccd7eb9fb45e4985d.parity\r\n\
+			Host: 1472a9e190620cdf6b31f383373e45efcfe869a820c91f9ccd7eb9fb45e4985d.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -81,7 +81,7 @@ fn should_return_502_on_hash_mismatch() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: 94f093625c06887d94d9fee0d5f9cc4aaa46f33d24d1c7e4b5237e7c37d547dd.parity\r\n\
+			Host: 94f093625c06887d94d9fee0d5f9cc4aaa46f33d24d1c7e4b5237e7c37d547dd.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -112,7 +112,7 @@ fn should_return_error_for_invalid_dapp_zip() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.parity\r\n\
+			Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -144,7 +144,7 @@ fn should_return_fetched_dapp_content() {
 	let response1 = http_client::request(server.addr(),
 		"\
 			GET /index.html HTTP/1.1\r\n\
-			Host: 9c94e154dab8acf859b30ee80fc828fb1d38359d938751b65db71d460588d82a.parity\r\n\
+			Host: 9c94e154dab8acf859b30ee80fc828fb1d38359d938751b65db71d460588d82a.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -152,7 +152,7 @@ fn should_return_fetched_dapp_content() {
 	let response2 = http_client::request(server.addr(),
 		"\
 			GET /manifest.json HTTP/1.1\r\n\
-			Host: 9c94e154dab8acf859b30ee80fc828fb1d38359d938751b65db71d460588d82a.parity\r\n\
+			Host: 9c94e154dab8acf859b30ee80fc828fb1d38359d938751b65db71d460588d82a.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -207,7 +207,7 @@ fn should_return_fetched_content() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.parity\r\n\
+			Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -234,7 +234,7 @@ fn should_cache_content() {
 	);
 	let request_str = "\
 		GET / HTTP/1.1\r\n\
-		Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.parity\r\n\
+		Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.web3.site\r\n\
 		Connection: close\r\n\
 		\r\n\
 	";
@@ -265,7 +265,7 @@ fn should_not_request_content_twice() {
 	);
 	let request_str = "\
 		GET / HTTP/1.1\r\n\
-		Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.parity\r\n\
+		Host: 2be00befcf008bc0e7d9cdefc194db9c75352e8632f48498b5a6bfce9f02c88e.web3.site\r\n\
 		Connection: close\r\n\
 		\r\n\
 	";
@@ -298,6 +298,17 @@ fn should_not_request_content_twice() {
 	response2.assert_status("HTTP/1.1 200 OK");
 }
 
+#[test]
+fn should_encode_and_decode_base32() {
+	use base32;
+
+	let encoded = base32::encode(base32::Alphabet::Crockford, "token+https://parity.io".as_bytes());
+	assert_eq!("EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY", &encoded);
+
+	let data = base32::decode(base32::Alphabet::Crockford, "EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY").unwrap();
+	assert_eq!("token+https://parity.io", &String::from_utf8(data).unwrap());
+}
+
 #[test]
 fn should_stream_web_content() {
 	// given
@@ -306,8 +317,8 @@ fn should_stream_web_content() {
 	// when
 	let response = request(server,
 		"\
-			GET /web/token/https/parity.io/ HTTP/1.1\r\n\
-			Host: localhost:8080\r\n\
+			GET / HTTP/1.1\r\n\
+			Host: EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY.web.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -322,20 +333,90 @@ fn should_stream_web_content() {
 }
 
 #[test]
-fn should_return_error_on_invalid_token() {
+fn should_support_base32_encoded_web_urls() {
 	// given
 	let (server, fetch) = serve_with_fetch("token");
 
 	// when
 	let response = request(server,
 		"\
-			GET /web/invalidtoken/https/parity.io/ HTTP/1.1\r\n\
+			GET /styles.css?test=123 HTTP/1.1\r\n\
+			Host: EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY.web.web3.site\r\n\
+			Connection: close\r\n\
+			\r\n\
+		"
+	);
+
+	// then
+	response.assert_status("HTTP/1.1 200 OK");
+	assert_security_headers_for_embed(&response.headers);
+
+	fetch.assert_requested("https://parity.io/styles.css?test=123");
+	fetch.assert_no_more_requests();
+}
+
+#[test]
+fn should_correctly_handle_long_label_when_splitted() {
+	// given
+	let (server, fetch) = serve_with_fetch("xolrg9fePeQyKLnL");
+
+	// when
+	let response = request(server,
+		"\
+			GET /styles.css?test=123 HTTP/1.1\r\n\
+			Host: f1qprwk775k6am35a5wmpk3e9gnpgx3me1sk.mbsfcdqpwx3jd5h7ax39dxq2wvb5dhqpww3fe9t2wrvfdm.web.web3.site\r\n\
+			Connection: close\r\n\
+			\r\n\
+		"
+	);
+
+	// then
+	response.assert_status("HTTP/1.1 200 OK");
+	assert_security_headers_for_embed(&response.headers);
+
+	fetch.assert_requested("https://contribution.melonport.com/styles.css?test=123");
+	fetch.assert_no_more_requests();
+}
+
+
+#[test]
+fn should_support_base32_encoded_web_urls_as_path() {
+	// given
+	let (server, fetch) = serve_with_fetch("token");
+
+	// when
+	let response = request(server,
+		"\
+			GET /web/EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY/styles.css?test=123 HTTP/1.1\r\n\
 			Host: localhost:8080\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
 	);
 
+	// then
+	response.assert_status("HTTP/1.1 200 OK");
+	assert_security_headers_for_embed(&response.headers);
+
+	fetch.assert_requested("https://parity.io/styles.css?test=123");
+	fetch.assert_no_more_requests();
+}
+
+#[test]
+fn should_return_error_on_invalid_token() {
+	// given
+	let (server, fetch) = serve_with_fetch("test");
+
+	// when
+	let response = request(server,
+		"\
+			GET / HTTP/1.1\r\n\
+			Host: EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY.web.web3.site\r\n\
+			Connection: close\r\n\
+			\r\n\
+		"
+	);
+
 	// then
 	response.assert_status("HTTP/1.1 400 Bad Request");
 	assert_security_headers_for_embed(&response.headers);
@@ -365,28 +446,6 @@ fn should_return_error_on_invalid_protocol() {
 	fetch.assert_no_more_requests();
 }
 
-#[test]
-fn should_redirect_if_trailing_slash_is_missing() {
-	// given
-	let (server, fetch) = serve_with_fetch("token");
-
-	// when
-	let response = request(server,
-		"\
-			GET /web/token/https/parity.io HTTP/1.1\r\n\
-			Host: localhost:8080\r\n\
-			Connection: close\r\n\
-			\r\n\
-		"
-	);
-
-	// then
-	response.assert_status("HTTP/1.1 302 Found");
-	response.assert_header("Location", "/web/token/https/parity.io/");
-
-	fetch.assert_no_more_requests();
-}
-
 #[test]
 fn should_disallow_non_get_requests() {
 	// given
@@ -395,8 +454,8 @@ fn should_disallow_non_get_requests() {
 	// when
 	let response = request(server,
 		"\
-			POST /token/https/parity.io/ HTTP/1.1\r\n\
-			Host: web.parity\r\n\
+			POST / HTTP/1.1\r\n\
+			Host: EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY.web.web3.site\r\n\
 			Content-Type: application/json\r\n\
 			Connection: close\r\n\
 			\r\n\
@@ -423,14 +482,37 @@ fn should_fix_absolute_requests_based_on_referer() {
 			GET /styles.css HTTP/1.1\r\n\
 			Host: localhost:8080\r\n\
 			Connection: close\r\n\
-			Referer: http://localhost:8080/web/token/https/parity.io/\r\n\
+			Referer: http://localhost:8080/web/EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY/\r\n\
 			\r\n\
 		"
 	);
 
 	// then
 	response.assert_status("HTTP/1.1 302 Found");
-	response.assert_header("Location", "/web/token/https/parity.io/styles.css");
+	response.assert_header("Location", "/web/EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY/styles.css");
+
+	fetch.assert_no_more_requests();
+}
+
+#[test]
+fn should_fix_absolute_requests_based_on_referer_in_url() {
+	// given
+	let (server, fetch) = serve_with_fetch("token");
+
+	// when
+	let response = request(server,
+		"\
+			GET /styles.css HTTP/1.1\r\n\
+			Host: localhost:8080\r\n\
+			Connection: close\r\n\
+			Referer: http://localhost:8080/?__referer=web/EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY/\r\n\
+			\r\n\
+		"
+	);
+
+	// then
+	response.assert_status("HTTP/1.1 302 Found");
+	response.assert_header("Location", "/web/EHQPPSBE5DM78X3GECX2YBVGC5S6JX3S5SMPY/styles.css");
 
 	fetch.assert_no_more_requests();
 }

dapps/src/tests/redirection.rs

@@ -105,7 +105,7 @@ fn should_display_404_on_invalid_dapp_with_domain() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: invaliddapp.parity\r\n\
+			Host: invaliddapp.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 		"
@@ -179,7 +179,7 @@ fn should_serve_proxy_pac() {
 
 	// then
 	assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
-	assert_eq!(response.body, "D5\n\nfunction FindProxyForURL(url, host) {\n\tif (shExpMatch(host, \"home.parity\"))\n\t{\n\t\treturn \"PROXY 127.0.0.1:18180\";\n\t}\n\n\tif (shExpMatch(host, \"*.parity\"))\n\t{\n\t\treturn \"PROXY 127.0.0.1:8080\";\n\t}\n\n\treturn \"DIRECT\";\n}\n\n0\n\n".to_owned());
+	assert_eq!(response.body, "DD\n\nfunction FindProxyForURL(url, host) {\n\tif (shExpMatch(host, \"parity.web3.site\"))\n\t{\n\t\treturn \"PROXY 127.0.0.1:18180\";\n\t}\n\n\tif (shExpMatch(host, \"*.web3.site\"))\n\t{\n\t\treturn \"PROXY 127.0.0.1:8080\";\n\t}\n\n\treturn \"DIRECT\";\n}\n\n0\n\n".to_owned());
 	assert_security_headers(&response.headers);
 }
 

dapps/src/tests/validation.rs

@@ -66,7 +66,7 @@ fn should_serve_dapps_domains() {
 	let response = request(server,
 		"\
 			GET / HTTP/1.1\r\n\
-			Host: ui.parity\r\n\
+			Host: ui.web3.site\r\n\
 			Connection: close\r\n\
 			\r\n\
 			{}

dapps/src/web.rs

@@ -20,6 +20,7 @@ use std::sync::Arc;
 use fetch::{self, Fetch};
 use parity_reactor::Remote;
 
+use base32;
 use hyper::{self, server, net, Next, Encoder, Decoder};
 use hyper::status::StatusCode;
 
@@ -27,7 +28,7 @@ use apps;
 use endpoint::{Endpoint, Handler, EndpointPath};
 use handlers::{
 	ContentFetcherHandler, ContentHandler, ContentValidator, ValidatorResponse,
-	StreamingHandler, Redirection, extract_url,
+	StreamingHandler, extract_url,
 };
 use url::Url;
 use WebProxyTokens;
@@ -86,9 +87,10 @@ impl ContentValidator for WebInstaller {
 		);
 		if is_html {
 			handler.set_initial_content(&format!(
-				r#"<script src="/{}/inject.js"></script><script>history.replaceState({{}}, "", "/?{}{}")</script>"#,
+				r#"<script src="/{}/inject.js"></script><script>history.replaceState({{}}, "", "/?{}{}/{}")</script>"#,
 				apps::UTILS_PATH,
 				apps::URL_REFERER,
+				apps::WEB_PATH,
 				&self.referer,
 			));
 		}
@@ -99,7 +101,6 @@ impl ContentValidator for WebInstaller {
 enum State<F: Fetch> {
 	Initial,
 	Error(ContentHandler),
-	Redirecting(Redirection),
 	Fetching(ContentFetcherHandler<WebInstaller, F>),
 }
 
@@ -114,25 +115,26 @@ struct WebHandler<F: Fetch> {
 }
 
 impl<F: Fetch> WebHandler<F> {
-	fn extract_target_url(&self, url: Option<Url>) -> Result<(String, String), State<F>> {
-		let (path, query) = match url {
-			Some(url) => (url.path, url.query),
-			None => {
-				return Err(State::Error(ContentHandler::error(
-					StatusCode::BadRequest, "Invalid URL", "Couldn't parse URL", None, self.embeddable_on.clone()
-				)));
-			}
-		};
+	fn extract_target_url(&self, url: Option<Url>) -> Result<String, State<F>> {
+		let token_and_url = self.path.app_params.get(0)
+			.map(|encoded| encoded.replace('.', ""))
+			.and_then(|encoded| base32::decode(base32::Alphabet::Crockford, &encoded.to_uppercase()))
+			.and_then(|data| String::from_utf8(data).ok())
+			.ok_or_else(|| State::Error(ContentHandler::error(
+				StatusCode::BadRequest,
+				"Invalid parameter",
+				"Couldn't parse given parameter:",
+				self.path.app_params.get(0).map(String::as_str),
+				self.embeddable_on.clone()
+			)))?;
 
-		// Support domain based routing.
-		let idx = match path.get(0).map(|m| m.as_ref()) {
-			Some(apps::WEB_PATH) => 1,
-			_ => 0,
-		};
+		let mut token_it = token_and_url.split('+');
+		let token = token_it.next();
+		let target_url = token_it.next();
 
 		// Check if token supplied in URL is correct.
-		match path.get(idx) {
-			Some(ref token) if self.web_proxy_tokens.is_web_proxy_token_valid(token) => {},
+		match token {
+			Some(token) if self.web_proxy_tokens.is_web_proxy_token_valid(token) => {},
 			_ => {
 				return Err(State::Error(ContentHandler::error(
 					StatusCode::BadRequest, "Invalid Access Token", "Invalid or old web proxy access token supplied.", Some("Try refreshing the page."), self.embeddable_on.clone()
@@ -141,9 +143,8 @@ impl<F: Fetch> WebHandler<F> {
 		}
 
 		// Validate protocol
-		let protocol = match path.get(idx + 1).map(|a| a.as_str()) {
-			Some("http") => "http",
-			Some("https") => "https",
+		let mut target_url = match target_url {
+			Some(url) if url.starts_with("http://") || url.starts_with("https://") => url.to_owned(),
 			_ => {
 				return Err(State::Error(ContentHandler::error(
 					StatusCode::BadRequest, "Invalid Protocol", "Invalid protocol used.", None, self.embeddable_on.clone()
@@ -151,28 +152,35 @@ impl<F: Fetch> WebHandler<F> {
 			}
 		};
 
-		// Redirect if address to main page does not end with /
-		if let None = path.get(idx + 3) {
-			return Err(State::Redirecting(
-				Redirection::new(&format!("/{}/", path.join("/")))
-			));
+		if !target_url.ends_with("/") {
+			target_url = format!("{}/", target_url);
 		}
 
-		let query = match query {
-			Some(query) => format!("?{}", query),
+		// TODO [ToDr] Should just use `path.app_params`
+		let (path, query) = match (&url, self.path.using_dapps_domains) {
+			(&Some(ref url), true) => (&url.path[..], &url.query),
+			(&Some(ref url), false) => (&url.path[2..], &url.query),
+			_ => {
+				return Err(State::Error(ContentHandler::error(
+					StatusCode::BadRequest, "Invalid URL", "Couldn't parse URL", None, self.embeddable_on.clone()
+				)));
+			}
+		};
+
+		let query = match *query {
+			Some(ref query) => format!("?{}", query),
 			None => "".into(),
 		};
 
-		Ok((format!("{}://{}{}", protocol, path[idx + 2..].join("/"), query), path[0..].join("/")))
+		Ok(format!("{}{}{}", target_url, path.join("/"), query))
 	}
 }
 
 impl<F: Fetch> server::Handler<net::HttpStream> for WebHandler<F> {
 	fn on_request(&mut self, request: server::Request<net::HttpStream>) -> Next {
 		let url = extract_url(&request);
-
 		// First extract the URL (reject invalid URLs)
-		let (target_url, referer) = match self.extract_target_url(url) {
+		let target_url = match self.extract_target_url(url) {
 			Ok(url) => url,
 			Err(error) => {
 				self.state = error;
@@ -186,7 +194,9 @@ impl<F: Fetch> server::Handler<net::HttpStream> for WebHandler<F> {
 			self.control.clone(),
 			WebInstaller {
 				embeddable_on: self.embeddable_on.clone(),
-				referer: referer,
+				referer: self.path.app_params.get(0)
+					.expect("`target_url` is valid; app_params is not empty;qed")
+					.to_owned(),
 			},
 			self.embeddable_on.clone(),
 			self.remote.clone(),
@@ -202,7 +212,6 @@ impl<F: Fetch> server::Handler<net::HttpStream> for WebHandler<F> {
 		match self.state {
 			State::Initial => Next::end(),
 			State::Error(ref mut handler) => handler.on_request_readable(decoder),
-			State::Redirecting(ref mut handler) => handler.on_request_readable(decoder),
 			State::Fetching(ref mut handler) => handler.on_request_readable(decoder),
 		}
 	}
@@ -211,7 +220,6 @@ impl<F: Fetch> server::Handler<net::HttpStream> for WebHandler<F> {
 		match self.state {
 			State::Initial => Next::end(),
 			State::Error(ref mut handler) => handler.on_response(res),
-			State::Redirecting(ref mut handler) => handler.on_response(res),
 			State::Fetching(ref mut handler) => handler.on_response(res),
 		}
 	}
@@ -220,7 +228,6 @@ impl<F: Fetch> server::Handler<net::HttpStream> for WebHandler<F> {
 		match self.state {
 			State::Initial => Next::end(),
 			State::Error(ref mut handler) => handler.on_response_writable(encoder),
-			State::Redirecting(ref mut handler) => handler.on_response_writable(encoder),
 			State::Fetching(ref mut handler) => handler.on_response_writable(encoder),
 		}
 	}