simi / omniauth-facebook

Facebook OAuth2 Strategy for OmniAuth
https://simi.github.io/omniauth-facebook/

Change default of secure_image_url to true, because downloading image via http results in 500 error #345

Closed swiknaba closed 4 years ago

swiknaba commented 4 years ago

When trying to download the profile image via

require 'open-uri'

# URI.open is used here because Kernel#open stopped accepting URLs in Ruby 3.0
io = URI.open(request.env['omniauth.auth'].info.image)

Facebook responds with a 500 error. Switching protocol from http to https solves the problem.

Looking into the Facebook docs: https://developers.facebook.com/docs/facebook-login/security#surfacearea we see that starting from the 6th of October 2018, using HTTPS is mandatory:

Use HTTPS

Use HTTPS, instead of HTTP, as an internet protocol, because it uses encryption. HTTPS keeps transmitted data private and guards against eavesdropping attacks. It also prevents data from being tampered with during transmission by, for example, introducing advertisements or malicious code.

On October 6, 2018, all apps will be required to use HTTPS.

Hence I propose to switch the default of secure_image_url from false to true.

I can open a PR if you agree with the change.
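
Added example, not part of the issue thread or of the omniauth-facebook code base: a helper for the download step described above that rewrites an http image URL to https, rejects anything that is not an http(s) URL, and fetches over TLS with bounded redirects and body size. The names `https_image_uri`, `fetch_profile_image`, `UnsafeImageURL`, the 5 MiB cap and the `APP_ID`/`APP_SECRET` placeholders are assumptions made for this sketch.

```ruby
require 'uri'
require 'net/http'

# With omniauth-facebook itself, the https form comes from the strategy option
# named in this issue (APP_ID / APP_SECRET are placeholders):
#   provider :facebook, APP_ID, APP_SECRET, secure_image_url: true
# The helper below is a defensive fallback for URLs already stored as http.

MAX_IMAGE_BYTES = 5 * 1024 * 1024 # assumed cap for a profile picture
class UnsafeImageURL < StandardError; end

# Accept only http(s) URLs with a host; rewrite http to https on the default port.
def https_image_uri(raw)
  uri = URI.parse(raw.to_s.strip)
  unless uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
    raise UnsafeImageURL, "not an http(s) URL: #{raw.inspect}"
  end
  return uri if uri.is_a?(URI::HTTPS)

  URI::HTTPS.build(host: uri.host, path: uri.path, query: uri.query)
rescue URI::InvalidURIError
  raise UnsafeImageURL, "unparseable URL: #{raw.inspect}"
end

# Download over TLS only, following a few redirects and capping the body size.
def fetch_profile_image(raw, redirects_left: 3)
  uri = https_image_uri(raw)
  Net::HTTP.start(uri.host, uri.port, use_ssl: true,
                  open_timeout: 5, read_timeout: 10) do |http|
    http.request_get(uri.request_uri) do |res|
      case res
      when Net::HTTPRedirection
        raise UnsafeImageURL, 'too many redirects' if redirects_left.zero?
        # Absolute Location expected; a relative one fails the check above.
        return fetch_profile_image(res['location'], redirects_left: redirects_left - 1)
      when Net::HTTPSuccess
        body = String.new
        res.read_body do |chunk|
          body << chunk
          raise UnsafeImageURL, 'image too large' if body.bytesize > MAX_IMAGE_BYTES
        end
        return body
      else
        raise UnsafeImageURL, "unexpected HTTP status #{res.code}"
      end
    end
  end
end
```

In a callback this would be called as `fetch_profile_image(request.env['omniauth.auth'].info.image)`, with `UnsafeImageURL` rescued so that a bad avatar URL does not fail the login.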

simi commented 4 years ago

yes, feel free to do

github-actions[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.