flickr_photo_img() is currently hard coding the http:// protocol for images from flickr.com

This is a problem when the user is on https://.

CommentFileSizeAuthor
#16 D7_extend_https_also_to_slideshows-2207867-15.patch1.68 KBlolandese
#14 D6_port_load_images_from_https-2207867-13.patch5.98 KBlolandese
#10 https_protocol_extended-2207867-10.patch13.64 KBlolandese
#7 https_protocol_extended-2207867-7.patch8 KBlolandese
#4 flickr-https_images-2207867-4.patch579 byteslolandese
#1 flickr-https_images-2207867-1.patch573 byteschrisguindon
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

chrisguindon’s picture

chrisguindon CreditAttribution: chrisguindon commented
FileSize
flickr-https_images-2207867-1.patch573 bytes
lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Active » Needs review
lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Needs review » Needs work

Error message after applying the patch and re-saving a node with Flickr Filter applied:
Warning: getimagesize(//farm4.static.flickr.com/3737/9247386562_0222511648_m.jpg): failed to open stream: No such file or directory in theme_flickr_photo() (line 322 of /home/martin/www/beige/sites/all/modules/flickr/flickr.module).

Furthermore the image links to http://example.dev///farm4.static.flickr.com/3737/9247386562_0222511648.jpg resulting in an This image failed to load error in Colorbox.

Of course the issue on itself is valid and should be looked into.

Thanks.

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Needs work » Needs review
FileSize
flickr-https_images-2207867-4.patch579 bytes

We could just specify https:// regardless of the current protocol. It is a bit wasteful since we don't care to secure the transmission of an image unless it is necessary (when the visitor is using HTTPS).

chrisguindon’s picture

chrisguindon CreditAttribution: chrisguindon commented

+1 for using https:// instead of http:// or protocol-relative urls //.

We could also try to detect if the user is on HTTPS but I am not sure if it's worth the effort.

Here's a d8 issue about detecting if the drupal site is using HTTPS or not. It seems to get tricky when the site is behind a reverse proxy or load balancer that serves HTTPS to clients but communicates with the web server via HTTP.

https://drupal.org/node/313145

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Needs review » Fixed

Tested and committed.

http://drupalcode.org/project/flickr.git/commitdiff/ed97c90

Thanks.

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Fixed » Needs review
FileSize
https_protocol_extended-2207867-7.patch8 KB

Extended to sub-modules and administration pages.

lolandese’s picture

lolandese CreditAttribution: lolandese commented

In:

/home/martin/www/beige/sites/all/modules/flickr/flickr.css:
   40      font-style: normal;
   41      font-weight: normal;
   42:     src: url('http://mirrors.creativecommons.org/presskit/cc-icons.ttf') format('truetype');
   43    }
   44    span.flickr-cc {

we can't use https, simply because the URL doesn't exist.

It would be interesting to test if when we enable 'License info' in the settings it leads to errors if used on an HTTPS site.

EDIT:
Yes, it does. See #2334425: SSL warning for cc-icons.

lolandese’s picture

lolandese CreditAttribution: lolandese commented

Related info:
New SSL Endpoints for the Flickr API | code.flickr.com

lolandese’s picture

lolandese CreditAttribution: lolandese commented
FileSize
https_protocol_extended-2207867-10.patch13.64 KB

Also added icons font as a local file (cc-icons.ttf) instead of using a remote source.

The CSS points to the path relative to the folder where the css file itself resides (same folder ../flickr).

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Needs review » Fixed

http://drupalcode.org/project/flickr.git/commitdiff/866eea9

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Version: 7.x-1.x-dev » 6.x-1.x-dev
Status: Fixed » Patch (to be ported)

  • Commit 0965058 on 6.x-1.x by lolandese: 
    Issue #2207867 by chrisguindon: D6 port to load images from https.
lolandese’s picture

lolandese CreditAttribution: lolandese commented
Status: Patch (to be ported) » Fixed
FileSize
D6_port_load_images_from_https-2207867-13.patch5.98 KB

http://drupalcode.org/project/flickr.git/commitdiff/0965058

  • Commit fe23c6c on 7.x-1.x by lolandese: 
    Issue #2207867 by chrisguindon: Extend https also to the slideshows,...
lolandese’s picture

lolandese CreditAttribution: lolandese commented
Version: 6.x-1.x-dev » 7.x-1.x-dev
FileSize
D7_extend_https_also_to_slideshows-2207867-15.patch1.68 KB

Extend https also for the slideshows, flash and non.

http://drupalcode.org/project/flickr.git/commitdiff/fe23c6c

lolandese’s picture

lolandese CreditAttribution: lolandese commented
Title: Load images from https » Load images and slideshows from https

Better title.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.