stephenharris / Event-Organiser

WordPress plug-in, Event Organiser, development repository
http://wordpress.org/extend/plugins/event-organiser/
GNU General Public License v3.0

iCal subscription not with SSL #328

Closed cbmainz closed 8 years ago

cbmainz commented 8 years ago

Hi, on my blog I cannot use the iCal subscription shortcode under https. If I enable https on the site, the shortcode for webcal, for example, will not render as webcal://$domain/feed/eo-events but as https://$domain/feed/eo-events, and the Google shortcode will not lead to a subscription. Cheers, Christopher

stephenharris commented 8 years ago

Hi Christopher,

Are you using [eo_subscribe type=webcal]?

cbmainz commented 8 years ago

Yes, all of them:

[eo_subscribe type=google], [eo_subscribe type=webcal], [eo_subscribe type=ical].

stephenharris commented 8 years ago

Hi Chris,

Well, obviously you've disabled https:// so I couldn't verify the bug, but I did spot a bug with the webcal (fixed with the above commit and will be included in 3.0.0). I can't see anything obviously wrong with the iCal (it should just be a link to the iCal feed) and the Google link seems correct - though if Google for whatever reason didn't trust your SSL certificate then that would probably prevent the subscription from working.

cbmainz commented 8 years ago

Okay, after the fix above, webcal works now with https.

But the google feed still isn't working with https via [eo_subscribe type=google], but I can import the feed manually in a google calendar.

stephenharris commented 8 years ago

Thanks for the update. Is there any indication why it can't import? When you click the link it should take you to Google calendar and ask you if you want to import the calendar. Does it give you any error message?

cbmainz commented 8 years ago

No error message. If I click the link on http, it takes me to Google calendar and asks me to import as expected. If I'm visiting the same site with https, the link also takes me to Google calendar, but then nothing happens.

stephenharris commented 8 years ago

Sodding Google: http://stackoverflow.com/a/21218052/932391

The solution here would be to use http:// rather than https:// protocol. But I'm wary about doing that...

cbmainz commented 8 years ago

So not much to do about it? Use either http or copy the link manually.

stephenharris commented 8 years ago

Removing this from the 3.0.2 as I want to consider the options. i.e. leave it as broken or change https:// to http://

cbmainz commented 8 years ago

Okay, if it is broken, can you make Event-Organiser render the Google link in http even if the URL of the blog is https?

stephenharris commented 8 years ago

Moving this to 3.2.0 - it will only be Google making the http request, so I guess this mitigates the risk (the only risk being that a malicious attacker gives Google incorrect data). There's no authentication being done, so I don't see much problem here with using the http URL.