xkcd.com redirects to https; maybe breaks Android app

Need the mods or admins to do something for you? Post here. Read the "About" post first.

Moderators: Moderators General, Prelates, Magistrates

miket
Posts: 9
Joined: Wed Sep 18, 2013 5:58 am UTC

xkcd.com redirects to https; maybe breaks Android app

Postby miket » Mon Jan 30, 2017 7:10 pm UTC

The handy xkcdViewer app that I use on Android quit working last week. I see that a bug report was filed for this (https://github.com/tcoxon/XkcdViewer/issues/70). What this told me is that there must have been a change in the wire format.

I must confess that at this point I have neither investigated the client/server transaction with a packet sniffer nor have I taken a look at the source code for the app. The first thing I thought to look for was what was happening on the server side.

I looked to the FAQ to see what was going on with the JSON interface that apps like that viewer use. So now I tried running that URL through cURL:

Code: Select all

$ curl -v http://xkcd.com/info.0.json
*   Trying 104.156.81.67...
* Connected to xkcd.com (104.156.81.67) port 80 (#0)
> GET /info.0.json HTTP/1.1
> Host: xkcd.com
> User-Agent: curl/7.45.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 301 Moved Permanently
< Server: Varnish
< Retry-After: 0
< Location: https://xkcd.com/info.0.json
< Content-Length: 0
< Accept-Ranges: bytes
< Date: Mon, 30 Jan 2017 18:31:49 GMT
...

So the Location header indicates a redirect to the https version with that host and path. Now with cURL pointing to that new URL, I find a JSON blob with this value for the img key: "http://imgs.xkcd.com/comics/bird_plane_superman.png". Hmm--it has "http" and not either "https" or an omitted scheme altogether. Do I find evidence of a recent adoption of a policy to redirect http to https? This means that every request from a client would result in four requests: 1. original request for JSON, 2. redirected request for JSON, 3. http request for image, 4. redirected request for image.

My guess is that the Android app does not expect the redirect. Is that the case or did the specification of the JSON change?

Besides that, why would it be that the main website, which requires no login, would require a redirect to an encrypted transport whereas the forums, which do require logins to post, don't even support https?

User avatar
Zohar
COMMANDER PORN
Posts: 7389
Joined: Fri Apr 27, 2007 8:45 pm UTC
Location: NY

Re: xkcd.com redirects to https; maybe breaks Android app

Postby Zohar » Mon Jan 30, 2017 7:16 pm UTC

xkcdViewer isn't supported by xkcd, so I doubt you'll see anyone working extra hard to fix that.
Mighty Jalapeno: "See, Zohar agrees, and he's nice to people."
SecondTalon: "Still better looking than Jesus."

Not how I say my name

miket
Posts: 9
Joined: Wed Sep 18, 2013 5:58 am UTC

Postby miket » Mon Jan 30, 2017 10:38 pm UTC

Note that I did not request that you do anything to maintain the app. What I wanted to know is what is happening on the server side. There was a protocol that everyone knew about, even if it was not explicitly specified in all of its details. Two salient points: the FAQ page shows URL's for the JSON requests as having the "http" scheme and the JSON returned when fetching the URL contained a URL with the "http" scheme.

Client software is going to have problems if the API is not consistent. What I wanted to know is whether there was a change, and, as a corollary, whether any change was inadvertent. These are all server-side issues.


Return to “Site/Forum issues”

Who is online

Users browsing this forum: Google [Bot] and 4 guests