Preferred cover URL protocol with fallback about coce HOT 5 CLOSED

Could you elaborate a little bit more? Do you mean that Coce should use for example Amazon API with https if it's possible?

from coce.

Sorry, I should have been clearer. Also, since originally posting this, I have done some more research and suspect it's a non-issue.

I was originally thinking that AWS, Google Books & Open Library may return cover URLs (e.g. http://ecx.images-amazon.com/images/I/31k2Z97KIuL._SL75_.jpg) with both http & https schemes, and it might be possible for coce to return one or the other depending on the user's preference (i.e. if your site is using SSL, it would be preferable to use https URLs to avoid mixed content problems). But, I think it's just as easy to just iterate the URLs returned from coce and change the scheme myself. As far as I can gather, the AWS, GB & OL APIs only return http URLs anyway!

from coce.

You're correct. It seems that cover providers returns images as http (without s) URLs. To avoid mixed content:

https://developer.mozilla.org/en-US/docs/Security/MixedContent

You need to install Coce to respond to HTTPS request (passenger can do that), AND you need to install Coce on the same server than your webapp. Alternatively if you want to keep separate Coce server and your webapp server, you need to setup a reverse proxy (nginx for example) which will contact Coce server.

Hope this is clear...

from coce.

Thanks very much for your detailed reply, very helpful.

My problem doesn't lie with requests to coce needing to be https, I have a proxy API on my application server that proxies requests to coce, so that's all fine. The problem lies with the URLs that are coming back from the various APIs (AWS etc.) via coce. Since the various providers return all URLs as http, including these images in an https page results in insecure content warnings. So, I now have my proxy API converting all http urls to https, that seems to be working for the most part.

So, in summary, this isn't a coce issue at all, it's more the case that the API providers should be providing a mechanism for consumers of the API to specify their preferred protocol (http or https).

from coce.

Are you still working on this? It seems that the mixed-content issue could be solved for Amazon Web Services. It's already ok with Google Books images that are returned as https ressources.

from coce.