Closed vlakoff closed 6 years ago
So far I managed to switch to https completely. So far I don't come up with a good approach on how to continue providing http support. If it is really needed, people can change the calls to file_get_contents_ssl back to file_get_contents and replace the https occurrences in the source code (basically reverting the changes I made above).
If you really use WikiBlame outside the Wikimedia universe, please feel free to re-open this issue and to make me provide something more handy to you.
I had a peek at the changes, it looks good to me. Thank you :)
Of course disabling the SSL verifications is Bad™, but at least it's very simple. On the other hand, using Curl or Guzzle with proper SSL handling is actually very simple. See this section (most projects I have seen just embed a CA file and always use it).
WikiBlame performs its requests to the wiki in http, thus nowadays, on each request it gets a redirect to the https protocol. This causes a performance hit which should be noticeable.
Therefore, a "https mode" should be implemented, while keeping the possibility to perform http requests, if the WikiBlame application is used on some "out-of-wikimedia" wikis that don't support https.