Support connecting to YOURLS API over HTTPS

Question

Support connecting to YOURLS API over HTTPS

Closed this issue 9 years ago · 3 comments

It's easy for users to put in only the YOURLS domain, but API requests do use a secret token that should not be revealed in cleartext if it can be avoided. My YOURLS installation is available over HTTPS, and I'd like to eliminate insecure requests to it as much as possible.

I propose the following:

Better YOURLS continues to accept just the domain as a setting
Internally it's now treated as base_url instead of domain
On save, prepend http:// to the option if it is missing
Users can use an https:// value if they want
The option is validated by something like the regex https?:\/\/.+(\..+)+\.?(\/.*)*\/?
** This pattern allows for YOURLS installations accessed over HTTP or HTTPS, at the domain root or in subdirectories

Answer 1 · 2015-11-06T19:31:37.000Z

I'll have to look at this. I run admin on https myself but had some problems with the api calls.

Answer 2 · 2015-11-24T02:13:54.000Z

Well, got this working. Please take a look at https://github.com/ChrisWiegman/Better-YOURLS/tree/feature/allow_https and let me know what you think (it's always good to have a 2nd set of eyes on a requested feature).

Answer 3 · 2015-12-12T20:41:56.000Z

This has been pushed in 2.1