Comments (5)
Could you elaborate a little bit more? Do you mean that Coce should use for example Amazon API with https if it's possible?
from coce.
Sorry, I should have been clearer. Also, since originally posting this, I have done some more research and suspect it's a non-issue.
I was originally thinking that AWS, Google Books & Open Library may return cover URLs (e.g. http://ecx.images-amazon.com/images/I/31k2Z97KIuL._SL75_.jpg) with both http & https schemes, and it might be possible for coce to return one or the other depending on the user's preference (i.e. if your site is using SSL, it would be preferable to use https URLs to avoid mixed content problems). But, I think it's just as easy to just iterate the URLs returned from coce and change the scheme myself. As far as I can gather, the AWS, GB & OL APIs only return http URLs anyway!
from coce.
You're correct. It seems that cover providers returns images as http (without s) URLs. To avoid mixed content:
https://developer.mozilla.org/en-US/docs/Security/MixedContent
You need to install Coce to respond to HTTPS request (passenger can do that), AND you need to install Coce on the same server than your webapp. Alternatively if you want to keep separate Coce server and your webapp server, you need to setup a reverse proxy (nginx for example) which will contact Coce server.
Hope this is clear...
from coce.
Thanks very much for your detailed reply, very helpful.
My problem doesn't lie with requests to coce needing to be https, I have a proxy API on my application server that proxies requests to coce, so that's all fine. The problem lies with the URLs that are coming back from the various APIs (AWS etc.) via coce. Since the various providers return all URLs as http, including these images in an https page results in insecure content warnings. So, I now have my proxy API converting all http urls to https, that seems to be working for the most part.
So, in summary, this isn't a coce issue at all, it's more the case that the API providers should be providing a mechanism for consumers of the API to specify their preferred protocol (http or https).
from coce.
Are you still working on this? It seems that the mixed-content issue could be solved for Amazon Web Services. It's already ok with Google Books images that are returned as https ressources.
from coce.
Related Issues (9)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from coce.