search

iandees / josm-notes

A JOSM plugin to show OpenStreetMap Notes.
BSD 3-Clause "New" or "Revised" License
3 stars 2 forks source link

Notes plugin does not use encrypted API anymore #30

Closed whbosm closed 10 years ago

whbosm commented 10 years ago

I get this message:

INFO: Defaults for osm-server.url differ: http://api.openstreetmap.org/api != https://api.openstreetmap.org/api INFO: Defaults for osm-server.url differ: https://api.openstreetmap.org/api != http://api.openstreetmap.org/api

If I build the notes plugin against latest JOSM code, then the notes traffic is encrypted again. Thus I think you have to build the notes plugin against newer JOSM code!

ToeBee commented 10 years ago

When did this start? I thought I used a current build of JOSM for the last release.

whbosm commented 10 years ago

I don't know exactly, because I first thought this message is not critical. Today I discovered with Wireshark, that notes traffic is indeed unencrypted, whereas all other api.openstreetmap.org traffic is still encrypted. It is not only broken with latest JOSM, it is also broken with JOSM 7182 (May 26, 2014), which is the oldest version supported by notes plugin 0.9.3. Also JOSM 7182 + previous notes plugin 0.9.2 (first notes plugin version which supports https) is broken! So this problem is more than 4 month old. To exclude profile related issues, I always tested with a new JOSM profile.

whbosm commented 10 years ago

I did some tests. JOSM 6920 (Mar 21, 2014) + notes 0.9.2 is the first broken version. With version 6920 JOSM switched to https by default: https://josm.openstreetmap.de/changeset/6920/josm/ This explains the "Defaults for osm-server.url differ" message.

Thus I believe that the notes plugin 0.9.3 (and necessarily 0.9.2, because JOSM was not released at this time) was build against some JOSM code dated before 6920.

So the notes encryption only worked between Mar 6 (notes plugin invented https support) and Mar 21 (JOSM uses https by default), if latest JOSM was used.

ToeBee commented 10 years ago

Well, you must be right about an old version of JOSM being used to compile the plugin. This is happening because the default API URL is stored in a final variable. This means it is hard-coded at compile time based on the value in OsmApi which we are extending in the plugin.

ToeBee commented 10 years ago

I just released a new version that is compiled on JOSM 7347.