Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-32990

box.com/box.net repository using HTTP to access APIs, instead of HTTPS

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1.6, 2.2.3, 2.3
    • Fix Version/s: 2.1.7, 2.2.4
    • Component/s: Repositories
    • Labels:
    • Testing Instructions:
      Hide
      1. Enable and add a box.net
      2. Go to my private files
      3. Use the file picker to add a file to moodle from box.net
      4. VERIFY: That thumbnails from box.net are displayed in the file picker when browsing
      5. VERIFY: Files can be selected and imported into private files without errors
      6. Save changes
      7. Download a file from private files which you uploaded from box.net
      8. VERIFY: that the file is the same as in box.net and is not corrupted
      Show
      Enable and add a box.net Go to my private files Use the file picker to add a file to moodle from box.net VERIFY: That thumbnails from box.net are displayed in the file picker when browsing VERIFY: Files can be selected and imported into private files without errors Save changes Download a file from private files which you uploaded from box.net VERIFY: that the file is the same as in box.net and is not corrupted
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip-MDL-32990-master

      Description

      We just received the following email from box.com:

      From: Alex Willen <awillen@box.com>
      Subject: HTTP Calls on the Box API

      Hi,

      I'm reaching out to let you know about a potential issue with your application's use of the Box API. We found that your application makes API requests over HTTP, rather than HTTPs. For security, soon we're going to begin enforcing HTTPs not only in our site, but also in our API.

      Previously we allowed HTTP calls to work for free users, although we still pushed for HTTPs calls in all cases, but we'll soon require HTTPs for all users. Starting 6/30/2012, all API calls will have to be made over HTTPs in order to function properly. The changes required from you should minimal - just be sure all your calls are pointing to https://www.box.com.

      We apologize for any inconvenience this causes. If you have any issues in making the change or would like to discuss, please let me know.

      Thanks,
      Alex Willen

      I looked at the boxnet repository code for Moodle 2.2 (stable) and 2.3 (master) and the API references are hard-coded to be "http://box.net/api/1.0". Hopefully the fix is just to change the api calls to use "https://box.com/api/1.0"?

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    9/Jul/12