HTTP mixed content on urls from representative data, how to handle?

[jeuel wilkerson]

I've noticed recently that the URLs returned from endpoints are not HTTPS, but instead are HTTP. 

For example, `https://www.googleapis.com/civicinfo/v2/representatives?address=94105&levels=country&roles=legislatorLowerBody&key=<YOUR-KEY-HERE>` would return the representative Nancy Pelosi and the `photoUrl` key would have the value `http://bioguide.congress.gov/bioguide/photo/P/P000197.jpg`.

When trying to use this url, however, in production you'll receive a error saying "requested an insecure image 'http://bioguide.congress.gov/bioguide/photo/P/P000197.jpg'. This content should also be served over HTTPS." and some browsers won't show the image.

What is the best way to handle these cases so that you can display the image securely for all major browsers?

[Cong Chen]

Thanks Jeuel.

In this particular case, I'm actually getting a "This site can’t be reached...ERR_CONNECTION_TIMED_OUT" when trying to hit the image via https://bioguide.congress.gov/bioguide/photo/P/P000197.jpg.

It sounds like in this case it is an application/browser specific constraints that resulted in such an error (e.g. if we try to embed an https image within a https page, it wouldn't work). What we can do is to ask our data provider to supply both https and http images, but it's going to be best effort given that this is an optional field and that sometimes there may not be any (https/http) images.

Thanks,

Cong

--
You received this message because you are subscribed to the Google Groups "Google Civic Information API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-civicinfo...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jared Marcotte]

Dragging up an old thread for anyone else who may be running into this issue. Thanks to Eric Mill, we found a bit of a workaround for congressional images. For the current bioguide situation, there's another site that is HTTPS (NB: turns out http://bioguide.congress.gov/ redirects to https://bioguideretro.congress.gov/). You can swap the "http://bioguide.congress.gov/bioguide/" part of the URL with "https://bioguideretro.congress.gov/Static_Files/data/" (e.g. http://bioguide.congress.gov/bioguide/photo/C/C001035.jpg would become https://bioguideretro.congress.gov/Static_Files/data/photo/C/C001035.jpg). Hope this helps!