gtkatakura commented 4 years ago

Describe the bug in a sentence or two.

I have include CloudinaryHelper in one model (rails) and when I call cl_image_path from the model, CloudinaryHelper#cloudinary_url_internal don't detect if the request has ssl enabled.

Issue Type (Can be multiple)

[ ] Build - Can’t install or import the SDK [ ] Performance - Performance issues [x] Behaviour - Functions aren’t working as expected (Such as generate URL) [ ] Documentation - Inconsistency between the docs and behaviour [ ] Other (Specify)

Steps to reproduce

Add include Avatarable in one model and try to call avatar_url from the model in the controller. The return always be no-ssl.

module Avatarable
  include CloudinaryHelper

  def avatar
    super || 'default_avatar.png'
  end

  def avatar_url(width: 64)
    cl_image_path(
      avatar,
      default_image: 'default_avatar.png',
      fetch_format: :auto,
      width: width,
      crop: :fill
    )
  end
end

Operating System

[x] Linux [ ] Windows [ ] OSX [ ] All

Environment and Libraries

Cloudinary Ruby SDK version - 1.13.2 Ruby Version - 2.5.7 Rails Version - 5.0.7.2

Probably solution

Here in this lines the method cloudinary_url_internal use request to detect if ssl is enabled.

https://github.com/cloudinary/cloudinary_gem/blob/5caecd2c4d3b50647e660d1fccdf1d5491dd0374/lib/cloudinary/helper.rb#L328

I think instead use request, we could use RequestStore.store[:current_controller].request to detect the request. I solve this problem in my codebase using this approach:

  def avatar_url(width: 64)
    current_controller = RequestStore.store[:current_controller]
    request = current_controller.request if current_controller.respond_to?(:request)
    ssl_detected = request.ssl? if request.respond_to?(:ssl?)

    cl_image_path(
      avatar,
      default_image: 'default_avatar.png',
      fetch_format: :auto,
      width: width,
      crop: :fill,
      ssl_detected: ssl_detected
    )
  end

molanip commented 4 years ago

@gtkatakura Thanks for letting us know. We have issued a ticket and will take care of it.

const-cloudinary commented 4 years ago

@gtkatakura, thank you for reporting the issue.

Since RequestStore is not a part of Rails, we would like to avoid code in our library that references 3rd party packages.

In case you want to deliver only https URLs, you can set secure key to true in your Cloudinary configuration (you can set it globally (in yml, CLOUDINARY_URL environment variable) or per request). See our documentation for details: https://cloudinary.com/documentation/image_transformations#secure_https_urls

In case you do want http and https urls depending on context, just keep your function.

In the next major version of the library, all URLs will be secured by default.

cloudinary / cloudinary_gem