Browser Connector aggressively prompts to turn on Proxification

sklein3 · 2026-01-20T18:58:14+00:00

I’m suddenly being inundated with reports from both students and faculty about proxy redirection, specifically Zotero automatically adding our institutional proxy prefix to sites.

In many cases, users inadvertently enable this feature (often via a prompt) and then have no idea how to turn it off. This has resulted in significant confusion and support requests, especially for users who don’t understand what proxy rewriting is or why their URLs are changing.

Would it make sense for future releases to ship with **“Automatically detect new proxies” disabled by default**, or at least make the opt-in language clearer? From a support and usability standpoint, this setting seems to cause more harm than benefit in environments where proxy behavior is already managed or where users access resources in multiple ways.

dstillman · 2026-01-20T19:32:16+00:00

We haven't made any changes on our end, so this would have to be some change — likely a misconfiguration — on your institution's site. Zotero would only be adding domains that have been proxied by your institution once to its list of hosts for future redirection. So if you link out to, say, Google but mistakenly proxy that URL, Zotero will add google.com to its list of hosts for the proxy (with a notification). But that's a bug on your site, not in Zotero.

This is a feature that nearly everyone should want enabled by default. URLs in Zotero are saved without proxy details (which wouldn't be appropriate for sharing or for citations), so even following a link in Zotero would often land you on a page without access without proxy redirection.

dstillman · 2026-01-20T19:39:55+00:00

This also could be a change in how your proxy handles unsupported URLs. E.g., if you 1) accidentally proxied google.com and 2) the proxy server started rewriting other unsupported URLs on proxied sites, people who simply did a Google search and followed links could end up with lots of improper proxy host entries, because the Zotero Connector would see that the proxy was proxying those links. But it never adds domains that haven't been proxied at least once before.

dstillman · 2026-01-20T19:41:16+00:00

(Also, the Zotero Connector should be showing a banner after it redirects a given URL that allows you to remove a given domain from the list of proxied URLs. For technical reasons, that banner at times hasn't been shown properly. If you can reproduce not seeing the banner after a redirection, let us know.)

sklein3 · 2026-01-20T19:48:57+00:00

This:
"2) the proxy server started rewriting other unsupported URLs on proxied sites, people who simply did a Google search and followed links could end up with lots of improper proxy host entries, because the Zotero Connector would see that the proxy was proxying those links. But it never adds domains that haven't been proxied at least once before."

Makes sense because most of the inquiries involve Google Scholar being proxified. We removed Google Scholar ~4-5 years ago because Google would occassionally block our proxy, assuming fearing a DDOS attack, so now we just recommend that users manually configure the Library Link in Scholar.

dstillman · 2026-01-20T19:50:39+00:00

OK, but again, there haven't been any recent changes to proxy behavior from us, so if you're "suddenly being inundated" with reports, something would've had to have changed on your end.

sklein3 · 2026-01-20T19:55:03+00:00

Nothing changed. These are users who have downloaded and installed it on their own computers.

I find myself mistakenly occasionally clicking to the yellow banner prompt, to get rid of the prompt.

Maybe it's merely an indicator that Zotero is being used more.

dstillman · 2026-01-20T19:56:21+00:00

I find myself mistakenly occasionally clicking to the yellow banner prompt, to get rid of the prompt.

I'm not sure what you mean by this?

sklein3 · 2026-01-20T19:58:25+00:00

I will send a screenshot the next time I am prompted.

dstillman · 2026-01-20T20:00:02+00:00

But I think you may be misunderstanding what I'm saying? People downloading and installing Zotero on their own computers isn't at all relevant to the question of whether something changed about your institution's proxying behavior.

I'm just saying that, if you're suddenly seeing many more reports of sites being proxied that shouldn't be, that would be an indication of something changing in the URLs generated by your website and/or proxy.

(New installations also wouldn't be affected by your institution's Google Scholar proxying behavior from 4–5 years ago.)

sklein3 · 2026-01-20T20:02:48+00:00

Responded to your first comment: ' — likely a misconfiguration — on your institution's site.'

Was explaining that people who are reporting this are reporting behavior on their computers rather than institutional computers and our proxy has not changed.

dstillman · 2026-01-20T20:06:46+00:00

Right, no, that's a misunderstanding. I'm explaining that, for the Zotero Connector to redirect a given domain through the proxy, it has to have seen that domain proxied previously, which can only be a result of either your website or the proxy itself doing so. So if you're seeing many more reports of this than you did before, it would have to be a change in the behavior of your website or proxy in proxying many more sites than it should. The Zotero Connector would notice those proxied URLs and add the domains to the list of proxied domains, and when people were following unproxied links later, Zotero would send those domains through the proxy again. But your systems would have to do it in the first place. That's what would've had to have changed.