Closed (fixed)
Project:
Services
Version:
6.x-3.x-dev
Component:
Documentation
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
5 Apr 2012 at 20:50 UTC
Updated:
24 Nov 2012 at 05:56 UTC
I'd like to make my REST APIs operate via HTTPS. Some searching around does not reveal any posts along these lines. Anyone doing this? Any configuration or whatnot required?
Pretty much all I know about using SSL is contained in my post here:
http://www.missingubercartmanual.com/Configuring-Your-Site-For-HTTPS-whe...
So... any tips, pointers, docs to be had?
Comments
Comment #1
bsenftner commentedApparently, nothing. Other than configuring the site with an SSL solution, such as described here http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-..., nothing changes in one's Services implementation or configuration.
Comment #2
lpeabody commentedI've had my site configured for HTTPS for a while and it's been working like a champ. However, my REST server setup via Services refuses to cooperate over HTTPS. I'm using Poster through Firefox, and whenever I attempt a connect or login via HTTPS (using POST) I get the message: "No response was received. Either the request could not be opened or the request timed out."
In fact, I get that message for any kind of request made over HTTPS. I'm logging in through the web browser of HTTPS just fine though. Any ideas?
Comment #3
lpeabody commentedComment #4
bsenftner commentedDid you get it working?
For my setup, I wanted the entire site to be SSL, and that is accomplished via placing the entire Drupal installation inside the SSL directory of my web stack. I'm using the Uniform Server, a pre-hardened for the web version of WAMP. Once Drupal was inside the SSL directory, it is only available via SSL, and the Services endpoints as well.
I'm not sure how one would have partial SSL for a Drupal Services API...
Comment #5
lpeabody commentedI use Secure Login to force HTTPS on web forms. Once you're logged in I have it setup so the entire site can only be navigated through HTTPS. I don't understand why I can't get any communication what-so-ever via HTTPS when running against the REST server though. I would think I could just do a straight-HTTPS session - (connect, login, everything) all in HTTPS... but I just don't get any responses.
Comment #6
bsenftner commentedDo you have the Services "debug mode" enabled? If so, do you see anything in your logs?
Make sure your constructing your API accessing URLs as "https://www.yoursite.com/" + "your API endpoint" + "your resource"
For example, to login you need to post to "https://www.yoursite.com/yourApiEndpoint/user/login"
Also, if you are trying to call your API from Flash, you need a crossdomain.xml file at the root of your Drupal site hosting the API. (I think that only if the calling flash is not the same domain, but not sure - I'm not a flash developer.)
Comment #7
marcingy commented