search

Bungie-net / api

Resources for the Bungie.net API
Other
1.21k stars 92 forks source link

Bungie.net redirecting mayhem #55

Open sgtfrankieboy opened 6 years ago

sgtfrankieboy commented 6 years ago

When you make a request to bungie.net without a /, you will be redirected multiple times. Causing 3 loads to bungie.net

Example: Req 1: https://www.bungie.net/platform/Destiny2/Milestones Req 2: http://www.bungie.net/platform/Destiny2/Milestones/ Req 3: https://www.bungie.net/platform/Destiny2/Milestones/

Preferred would be: Req 1: https://www.bungie.net/platform/Destiny2/Milestones Req 2: https://www.bungie.net/platform/Destiny2/Milestones/

vthornheart-bng commented 6 years ago

Yeah, we've got what feels like a boatload of redirection error-related issues. RKing788's mentioned issue involved redirection because he was using bungie.net instead of www.bungie.net, which feels bad as well.

I'm going to call this an enhancement, but one I'd really like to fix.

CoryG89 commented 5 years ago

Apparently this was never actually fixed. Caused me some issues due to the fact that it redirects to http from https on an ajax call, breaking mixed content security rules by default in my browser. Luckily I looked here and was able to fix it by adding a trailing slash as mentioned in this issue.

If this isn't going to be fixed any time soon, it would probably be just as helpful to call out the trailing slash workaround in the documentation.

floatingatoll commented 5 years ago

Which documentation URL would you have expected to include a note about the trailing slash? I ask because the example code in all API endpoints I’ve seen includes it, so presumably there’s somewhere else you would have found useful in hindsight.

On Jul 28, 2018, at 19:51, Cory Gross notifications@github.com wrote:

Apparently this was never actually fixed. Caused me some issues due to the fact that that it redirects to http from https on an ajax call, breaking mixed content security rules by default in my browser. Luckily I looked here and was able to fix it by adding a trailing slash as mentioned in this issue.

If this isn't going to be fixed any time soon, it would probably be just as helpful to call out the trailing slash workaround in the documentation.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

CoryG89 commented 5 years ago

Thanks for the reply. Hmm, I guess I was thinking a note somewhere toward the top of https://bungie-net.github.io/ -- maybe under "Connecting to the API" --> "Security" ?

I was just thinking a small item about HTTPS/SSL just noting that while the APIs are available over https, if you access them without the trailing slash, then you will be redirected to http, causing browsers to block connections and show warnings by default.

Probably not a big deal either way, but it would have likely taken me a while longer to figure out what was going on had I not found this issue. I would be happy to open a PR to add a note if there is somewhere that works.