Berislav Babic

Berislav Babic

Engineer, cyclist, budget philosopher, fixing problems and making stuff run on the web.

Override https errors for regular http calls

2 minute read

Let’s say you are building a web app that has some secure user data involved in the picture. You have to secure it with https, that is a necessity. So what happens when you have to include some outside service into your https only application, and the service sadly doesn’t have an https site, or maybe it has a self signed certificate? The error pops up, something in the context of This page is only partialy secure.

There is a way to override this, but you are doing it at you own risk. You really should use only verified https resources in your public facing sites. There can be many reasons why you would go with this solution, and i’ll leave them to you to find that out by yourself, i’m just giving you the hammer. So, you want to override https calls in your app, and it’s a rails app(this approach can be done using sinatra or anything else ruby based, if you don’t know how to implement it, contact me and i’ll try to help) Basically you want to override the outside http call with a call to your own application, yes this can hurt your performance, but not having a green icon in the address bar can hurt you even more. I’ll make an example with a simple JSON call to an external service, but it can be done with any call.

First you should set up a controller to handle these requests, lets say ExternalResourcesController make an external_json method and add it to the routes.rb file, of course you need net/http and uri for making the remote calls.

# app/controllers/external_resources_controller.rb
require 'net/http'
require 'uri'
class ExternalResourcesController < ApplicationController
  def external_json
    options = {
    # fill your options with the params you are sending from the application
    }
    uri = URI('some external json service url')
    uri.query = URI.encode_www_form(options)
    resp = Net::HTTP.get(uri)
    render json: resp
  end
end
# config/routes.rb
get 'external_resources/external_json', to: 'external_resources#external_json'

This approach also gives you the benefit of not having to send and expose all parameters you are sending in client facing JavaScript, and can only send the dynamic ones. That can pay off if you are using this call more than once. And you can call this from your CoffeeScript very easily:

# app/assets/javascripts/ajax.js.coffee
json = $.ajax
  url: "/external_resources/external_json"
  dataType: "jsonp"
  data:
    first_param_name: "I'm a parameter"
    second_param_name: "I'm a parameter too"

Once again, you should only use this approach if you really, really know what you are doing, i’m not liable for the problems you can cause.

Comments

You May Also Enjoy

Zero downtime redis migration (or upgrade)

2 minute read

I wrote about migrating the Redis database from AWS ElastiCache to another provider a few years ago . In my case it was Azure, but it doesn’t matter. I used ...

The bus factor

4 minute read

When building any product or business, you want to make it as resilient as possible. You should do that from the very beginning, but sometimes this is hard, ...

How to 10X your PR review quality

1 minute read

During my career in software development, proper communication (or lack of it) has been crucial in instigating some creative discussions and/or flame wars du...

Rescue exception in Ruby and continue

1 minute read

Usually when we run scheduled jobs we like to bunch a few things together for convenience. Let’s say that you have hourly, daily, weekly, monthly task list t...