-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use HTTPS if location protocol is HTTPS in iD.Connection #2681
Conversation
Looks like the tests need revising too. |
5352ea0
to
8be0086
Compare
I fixed all the tests except one. If anyone has ideas about what is going wrong there, let me know |
Ugh. This is a nasty problem. You can't assume that the OSM API is accessible on the same protocol that iD is loaded by, because iD could be loaded locally over file:// |
Chrome has some restrictions for resources loaded via |
How does it look now? I added an optional parameter to the |
Alternatively, we could just make all connections secure and disallow HTTP... |
Anyone have thoughts on this? |
Not all API instances allow HTTPS. |
My current changes do not force HTTPS, unless the user is already on an HTTPS site |
Yes, but you were suggesting disallowing HTTP |
Yeah, I understand. Sorry I didn't make that clear in my previous message. |
I notice that using the source switcher on an https site will break this, but it's broken anyway because Thanks for adding this, @frewsxcv |
Use HTTPS if location protocol is HTTPS in iD.Connection
connection = {}, | ||
inflight = {}, | ||
loadedTiles = {}, | ||
tileZoom = 16, | ||
oauth = osmAuth({ | ||
url: 'http://www.openstreetmap.org', | ||
url: protocol + '//www.openstreetmap.org', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is unnecessary: just start the URL with //
, and the current protocol will be used (except in Netscape Navigator 4, I suppose).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look through he discussion the associated pull request. Sometimes, we are retrieving this js file via the file://
protocol which results in an undesired outcome
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doh! Sorry about that. 😄
Relevant to strava#5 (comment)