[grilo-plugins] lastfm: Use HTTPS rather than insecure HTTP when possible

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [grilo-plugins] lastfm: Use HTTPS rather than insecure HTTP when possible
Date: Tue, 27 Jan 2015 17:59:36 +0000 (UTC)

commit f13abe89f49a6ff841fef42660079fefb17248fc
Author: Elad Alfassa <elad fedoraproject org>
Date:   Sun Jan 25 23:20:11 2015 +0200

    lastfm: Use HTTPS rather than insecure HTTP when possible
    
    To avoid leaking (potentially uniquely identifiable) user data over
    plain text (be it search phrases, hashes of contact emails, etc etc),
    use HTTPS whenever possible.
    
    Unfortunately, we cannot completely avoid leaking the names of the
    albums the user has on their system because the CDN used by last.fm
    (where the plugin fetches the images from) serves a certificate only
    valid for something.something.akamai.net, so enabling HTTPS on that
    URL would fail.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=743449

 src/lastfm-albumart/grl-lastfm-albumart.c   |    2 +-
 tests/lastfm-albumart/data/network-data.ini |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/src/lastfm-albumart/grl-lastfm-albumart.c b/src/lastfm-albumart/grl-lastfm-albumart.c
index f897b15..18c11b3 100644
--- a/src/lastfm-albumart/grl-lastfm-albumart.c
+++ b/src/lastfm-albumart/grl-lastfm-albumart.c
@@ -41,7 +41,7 @@ GRL_LOG_DOMAIN_STATIC(lastfm_albumart_log_domain);
 
 /* -------- Last.FM API -------- */
 
-#define LASTFM_GET_ALBUM "http://ws.audioscrobbler.com/1.0/album/%s/%s/info.xml";
+#define LASTFM_GET_ALBUM "https://ws.audioscrobbler.com/1.0/album/%s/%s/info.xml";
 
 #define LASTFM_DEFAULT_IMAGE "http://cdn.last.fm/flatness/catalogue/noimage/2/default_album_medium.png";
 #define LASTFM_BASE_IMAGE    "http://userserve-ak.last.fm/serve/%s/%s";
diff --git a/tests/lastfm-albumart/data/network-data.ini b/tests/lastfm-albumart/data/network-data.ini
index 7ac986c..f46f811 100644
--- a/tests/lastfm-albumart/data/network-data.ini
+++ b/tests/lastfm-albumart/data/network-data.ini
@@ -1,11 +1,11 @@
 [default]
 version=1
 
-[http://ws.audioscrobbler.com/1.0/album/madonna/frozen/info.xml]
+[https://ws.audioscrobbler.com/1.0/album/madonna/frozen/info.xml]
 data=resolve-good-found.data
 
-[http://ws.audioscrobbler.com/1.0/album/madonna/frocen/info.xml]
+[https://ws.audioscrobbler.com/1.0/album/madonna/frocen/info.xml]
 data=resolve-good-found-default.data
 
-[http://ws.audioscrobbler.com/1.0/album/madonna/unknown/info.xml]
+[https://ws.audioscrobbler.com/1.0/album/madonna/unknown/info.xml]
 data=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]