Allow to get favicons from "unsecure" (non SSL) websites

[ash-jc-allen]

Hey @marispro, thanks for the PR, I love this idea!

I think we might be better off adding this as a config option that devs can choose to enable/disable on a project-by-project basis. Maybe something like favicon-fetcher.drivers.http.verify_ssl?

[marispro]

Hey @marispro, thanks for the PR, I love this idea!

I think we might be better off adding this as a config option that devs can choose to enable/disable on a project-by-project basis. Maybe something like favicon-fetcher.drivers.http.verify_ssl?

If there is any security reason for this, then yes this can be added. But would be nice if package could fetch favicon from any website by default without modifying configuration.

[ash-jc-allen]

In my opinion, I think that API requests should always be made over HTTPS wherever possible by default. So, I think that HTTP should only ever be used as a last resort and should be an explicit decision by the dev to choose to use it :)

[ash-jc-allen]

Hey @marispro! I'm going to close this PR because it's been open for a while. But, if you'd like to do any more work on it to add this feature, feel free to reopen it 🙂