Override https errors for regular http calls
Let’s say you are building a web app that has some secure user data involved
in the picture. You have to secure it with https, that is a necessity. So what
happens when you have to include some outside service into your https only
application, and the service sadly doesn’t have an https site, or maybe it has
a self signed certificate? The error pops up, something in the context of This page is only
partialy secure
.
There is a way to override this, but you are doing it at you own risk. You really should use only verified https resources in your public facing sites. There can be many reasons why you would go with this solution, and i’ll leave them to you to find that out by yourself, i’m just giving you the hammer. So, you want to override https calls in your app, and it’s a rails app(this approach can be done using sinatra or anything else ruby based, if you don’t know how to implement it, contact me and i’ll try to help) Basically you want to override the outside http call with a call to your own application, yes this can hurt your performance, but not having a green icon in the address bar can hurt you even more. I’ll make an example with a simple JSON call to an external service, but it can be done with any call.
First you should set up a controller to handle these requests, lets say
ExternalResourcesController
make an external_json
method and add it to the
routes.rb
file, of course you need net/http
and uri
for making the
remote calls.
This approach also gives you the benefit of not having to send and expose all parameters you are sending in client facing JavaScript, and can only send the dynamic ones. That can pay off if you are using this call more than once. And you can call this from your CoffeeScript very easily:
Once again, you should only use this approach if you really, really know what you are doing, i’m not liable for the problems you can cause.
Comments