Use HTTPS if location protocol is HTTPS in iD.Connection #2681
Conversation
|
Looks like the tests need revising too. |
frewsxcv
force-pushed
the
patch-1
branch
2 times, most recently
from
5352ea0
to
8be0086
Compare
|
I fixed all the tests except one. If anyone has ideas about what is going wrong there, let me know |
Ugh. This is a nasty problem. You can't assume that the OSM API is accessible on the same protocol that iD is loaded by, because iD could be loaded locally over file:// |
|
Chrome has some restrictions for resources loaded via |
|
How does it look now? I added an optional parameter to the |
frewsxcv
changed the title
|
Alternatively, we could just make all connections secure and disallow HTTP... |
|
Anyone have thoughts on this? |
|
Not all API instances allow HTTPS. |
|
My current changes do not force HTTPS, unless the user is already on an HTTPS site |
Yes, but you were suggesting disallowing HTTP |
Yeah, I understand. Sorry I didn't make that clear in my previous message. |
|
I notice that using the source switcher on an https site will break this, but it's broken anyway because Thanks for adding this, @frewsxcv |
Use HTTPS if location protocol is HTTPS in iD.Connection
| connection = {}, | ||
| inflight = {}, | ||
| loadedTiles = {}, | ||
| tileZoom = 16, | ||
| oauth = osmAuth({ | ||
| url: 'http://www.openstreetmap.org', | ||
| url: protocol + '//www.openstreetmap.org', |
There was a problem hiding this comment.
This is unnecessary: just start the URL with //, and the current protocol will be used (except in Netscape Navigator 4, I suppose).
There was a problem hiding this comment.
Look through he discussion the associated pull request. Sometimes, we are retrieving this js file via the file:// protocol which results in an undesired outcome
Relevant to strava#5 (comment)