mozilla / openbadges-backpack

Mozilla Open Badges Backpack
https://backpack.openbadges.org/

Change to https broke Moodle/Totara backpack usage #1059

Open mufac opened 9 years ago

mufac commented 9 years ago

This change:

https://github.com/mozilla/openbadges-backpack/commit/0ef69c7085806e3db0455b2df5f90f9c2b2e4a97

Seems to be enforcing https and rejecting requests over http. From the commit message it sounds like you intended to redirect from http to https but that isn't happening for me:

curl -i -X POST -d "email=[email redacted]" https://backpack.openbadges.org/displayer/convert/email
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
Set-Cookie: heroku-session-affinity=ADSDUAAAADl4nMtgzmBOYmBgXQwkciyARO7iRJYcBgYG5lwgwVqemqRnBGcZwlkmWQBNxQvI0I7yQmy+KvPBIv3rX3P0jJ7Gjz4_; Version=1; Expires=Mon, 14-Sep-2015 12:55:27 GMT; Max-Age=86400; Domain=backpack.openbadges.org; Path=/; HttpOnly
X-Powered-By: Express
Strict-Transport-Security: max-age=10886400
X-Frame-Options: DENY
Content-Type: application/json; charset=utf-8
Content-Length: 64
Set-Cookie: openbadges_state=s%3Aj%3A%7B%22_csrf%22%3A%22y7gsUMULNnhQb32eJOLE6H4S%22%7D.lzry%2BFAo9ofLd3aUFzkF99a2iT6osdRNqVewHwrWlvA; Path=/; Expires=Sun, 20 Sep 2015 12:55:27 GMT; HttpOnly
Date: Sun, 13 Sep 2015 12:55:27 GMT
Via: 1.1 vegur

{"status":"okay","email":"[email redacted]","userId":9075}%                                                                                               

curl -i -X POST -d "email=[email redacted]" http://backpack.openbadges.org/displayer/convert/email
HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Set-Cookie: heroku-session-affinity=ADSDUAAAADl4nMtgzmBOYmBgXQwkuESARNqLRJYcBgYG5lwgwVqemqRnCGcZwVnGWQA/ugt/kWf3ESeu6fZXaX7YCKkgQxZh7gU_; Version=1; Expires=Mon, 14-Sep-2015 14:21:49 GMT; Max-Age=86400; Domain=backpack.openbadges.org; Path=/; HttpOnly
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 53
Date: Sun, 13 Sep 2015 14:21:49 GMT
Via: 1.1 vegur

Please use HTTPS when submitting data to this server.

This has broken integration for Moodle/Totara:

https://tracker.moodle.org/browse/MDL-51390

While we can fix the request in Moodle/Totara code, all sites will be broken until a fix is released and they upgrade their sites. If you are able to add a transparent redirect from http to https, that would help immensely.
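The two behaviours discussed above (the 403 that was observed and the transparent redirect that is requested) can be compared side by side in a small handler. This is an added example, not code from openbadges-backpack or from the post; `httpsPolicy`, `requireHttps` and the `mode` argument are hypothetical names, and it assumes TLS is terminated by a proxy that sets `X-Forwarded-Proto` and that plain-HTTP GET requests are redirected in both modes.

```javascript
// Added example; hypothetical names, not code from openbadges-backpack.
// Assumption: TLS ends at a proxy that sets X-Forwarded-Proto.
const CANONICAL_HOST = 'backpack.openbadges.org'; // host from the curl calls above
const HSTS = 'max-age=10886400';                  // value from the HTTPS response above

// Decide what to send for one request. mode is 'reject' (the behaviour
// reported in this issue) or 'redirect' (the behaviour requested).
function httpsPolicy(req, mode) {
  const proto = String(req.headers['x-forwarded-proto'] || 'http')
    .split(',')[0].trim().toLowerCase();
  if (proto === 'https') {
    // Browsers ignore HSTS sent over plain HTTP, so set it only here.
    return { pass: true, headers: { 'Strict-Transport-Security': HSTS } };
  }
  const safe = req.method === 'GET' || req.method === 'HEAD';
  if (!safe && mode === 'reject') {
    return { pass: false, status: 403, headers: {},
      body: 'Please use HTTPS when submitting data to this server.' };
  }
  // Build Location from a fixed host, never from the client's Host header,
  // so the redirect cannot be pointed at another site.
  // 301 suits GET/HEAD. Other methods get 307: the client must replay the
  // same method and body, whereas 301/302 are commonly turned into a GET
  // without a body, which would drop the POSTed form data.
  return { pass: false, status: safe ? 301 : 307,
    headers: { Location: 'https://' + CANONICAL_HOST + req.url }, body: '' };
}

// Connect/Express-style wrapper around the decision function.
function requireHttps(mode) {
  return function (req, res, next) {
    const d = httpsPolicy(req, mode);
    if (d.pass) {
      res.setHeader('Strict-Transport-Security', HSTS);
      return next();
    }
    res.writeHead(d.status, d.headers);
    res.end(d.body);
  };
}

// Constructed request modelled on the failing curl call above.
const sample = { method: 'POST', url: '/displayer/convert/email',
  headers: { host: CANONICAL_HOST, 'x-forwarded-proto': 'http' } };
console.log('reject:', httpsPolicy(sample, 'reject').status);
const redirected = httpsPolicy(sample, 'redirect');
console.log('redirect:', redirected.status, redirected.headers.Location);
```

A redirect keeps older clients working, but the body of the first plain-HTTP request (here the email address) has already crossed the network unencrypted by the time the redirect is sent. The durable fix remains changing the client to call the HTTPS URL directly.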

durzo commented 9 years ago

+1

ghost commented 9 years ago

+1 from me as well. Definitely something that needs to be looked at.

mattdigitalme commented 7 years ago

@mufac Can you check this again for me now we've updated the BP (8/12/16), and if it's still an issue, let us know.

Also, do you want to join the Backpack Developer Slack Channel to get this worked through if needed?