search

PRDeltoid / Petpoint-Webservices

PetPoint Webservices Plugin for Wordpress.
GNU General Public License v3.0
8 stars 7 forks source link

Use HTTPS for all API calls in PHP backend #14

Open PRDeltoid opened 8 months ago

PRDeltoid commented 8 months ago

Use HTTPS for all PetPoint API calls in pullanimals.php and viewanimal.php

PRDeltoid commented 8 months ago

I am having a hard time testing this. I believe the fact that I am using a Docker image with a self-signed cert is part of my problem. PHP is complaining that the SSL Cert verification failed, but I see that PetPoint uses a valid DigiCert certificate.

Alternatives include running curl, although this may not work on some systems if curl is unavailable (although this seems highly unlikely?) or I bypass SSL checks using 

$context = stream_context_create([
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false
    ]
]);

and passing this context variable into the file_get_contents call.

I am leaning towards implementing the latter as a toggle in Settings. This would allow me to include a no-workarounds solution for most, with a toggle-able fix for those who encounter an issue with the HTTPS call.