-
Bug
-
Resolution: Fixed
-
Critical
-
2.1.6, 2.2.3, 2.3
-
MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
-
MOODLE_21_STABLE, MOODLE_22_STABLE
-
wip-
MDL-32990-master -
Easy
-
We just received the following email from box.com:
From: Alex Willen <awillen@box.com>
Subject: HTTP Calls on the Box APIHi,
I'm reaching out to let you know about a potential issue with your application's use of the Box API. We found that your application makes API requests over HTTP, rather than HTTPs. For security, soon we're going to begin enforcing HTTPs not only in our site, but also in our API.
Previously we allowed HTTP calls to work for free users, although we still pushed for HTTPs calls in all cases, but we'll soon require HTTPs for all users. Starting 6/30/2012, all API calls will have to be made over HTTPs in order to function properly. The changes required from you should minimal - just be sure all your calls are pointing to https://www.box.com.
We apologize for any inconvenience this causes. If you have any issues in making the change or would like to discuss, please let me know.
Thanks,
Alex Willen
I looked at the boxnet repository code for Moodle 2.2 (stable) and 2.3 (master) and the API references are hard-coded to be "http://box.net/api/1.0". Hopefully the fix is just to change the api calls to use "https://box.com/api/1.0"?