Use TLS

[EtiennePerot]

Hi there,

I ran the following on the source code:

$ grep -ri 'wanikani\.com' .
./README:WaniKani (http://www.wanikani.com) is a kanji learning web app that
./README:- Wanikani http://www.wanikani.com/chat/api-and-third-party-apps/2225
./src/com/wanikani/androidnotifier/WaniKaniImprove.java: *                      http://www.wanikani.com/chat/api-and-third-party-apps/2952
./src/com/wanikani/androidnotifier/WaniKaniImprove.java:                        sb = new StringBuffer ("http://www.wanikani.com/quickview/");
./src/com/wanikani/androidnotifier/LessonOrder.java: * A port of the alucardeck's WK Reorder script (http://www.wanikani.com/chat/api-and-third-party-apps/3878)
./src/com/wanikani/androidnotifier/MainActivity.java:           open ("http://www.wanikani.com/chat");
./src/com/wanikani/androidnotifier/MainActivity.java:           open ("http://www.wanikani.com/review");
./src/com/wanikani/androidnotifier/ReviewOrder.java: * A port of the alucardeck's WK Reorder script (http://www.wanikani.com/chat/api-and-third-party-apps/3023)
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              static final String CURRENT_REVIEW_START = "http://www.wanikani.com/review/session";
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              static final String CURRENT_LESSON_START = "http://www.wanikani.com/lesson/session";
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              if (!url.contains ("wanikani.com") && !download) {
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              lpage = "http://www.wanikani.com/lesson";
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              rpage = "http://www.wanikani.com/review";
./src/com/wanikani/androidnotifier/WebReviewActivity.java:                              !url.contains ("http://www.wanikani.com/quickview");
./src/com/wanikani/androidnotifier/WebReviewActivity.java:              else if (url.contains ("http://www.wanikani.com/quickview"))
./src/com/wanikani/androidnotifier/IgnoreButton.java: * http://www.wanikani.com/chat/api-and-third-party-apps/2940/
./src/com/wanikani/wklib/Config.java:   public static final String DEF_URL = "http://www.wanikani.com/api/v1.2"; 
./src/com/wanikani/wklib/Item.java:             return "http://www.wanikani.com/" + 
./res/xml/preferences.xml:              android:defaultValue="http://www.wanikani.com/review/session" />
./res/xml/preferences.xml:              android:defaultValue="http://www.wanikani.com/lesson/session" />
./res/values/strings.xml:    <string name="status_msg_unauthorized_empty">(did you subscribe to http://www.wanikani.com?)</string>
./res/values/strings.xml:                       http://www.wanikani.com/chat/api-and-third-party-apps/2940/

WaniKani is available over HTTPS now, so I think it should be a good idea to switch those URLs over to that.

[s84606]

Hi Etienne, looking at those occurrences, the only URLs which are actually used to establish http connections are:

• API calls: the documentation specifies an HTTP URL. I suppose, however, that HTTPS should be ok as well;
• Item URL. The prefix is specified as http://www.wanikani.com//slug, but, again, I guess https would do;
• Review/lessons URL: These can be set through a menu item.
• Forum URL

I'd like to take a conservative approach, since I'm not completely sure how older android devices handle these URL, especially when dealing with the API calls (e.g. I would not like them to set up a new TLS exchange each time I call the API, or to be finnicky with the CA) I think I'll add a new option (enable TLS, default: false) so that people can experiment with this and tell me if they encounter any problem. This option will:

• Transparently replace http with https when opening the reviews and lessons pages
• Use https everywhere else (item,. API and forum)

After a few releases, if I receive positive feedback, I'll set default=yes, but keep it optional. Of course URLs in messages will be fixed ASAP

[EtiennePerot]

Sounds good to me!

[s84606]

Features available in 1.13.0 (released today)