Use HTTPS for web service queries #197
Comments
|
Does MB use SNI? That is not supported on all Python versions we support. |
|
Yes, we've had issues with that before. In CritiqueBrainz we had to add some hacks to access MBS via HTTPS. |
|
I don't mind dropping support for python 2.6 if we need to. Are there any other possible workarounds? |
|
Right, https://stackoverflow.com/questions/18578439/using-requests-with-tls-doesnt-give-sni-support/18579484#18579484 shows something similar. We could leave it as "supported with this caveat" |
|
Also keep in mind that 2.7 started supporting SNI and a bunch of other things only from 2.7.9. |
|
Looks like Requests (i.e., #123) also supports SNI. EDIT: Oops; @alastair already noticed this! |
|
Yep. I'm happy to start considering requests again, but this won't help anyone using older versions of the library |
I had to fork python-musicbrainzngs to add HTTPS support because alastair/python-musicbrainzngs#197 has not been resolved yet.
The Python library being used does not currently support contacting MusicBrainz.org over HTTPS: alastair/python-musicbrainzngs#197
|
We talked about this in IRC. Our plan is to:
The new parameter should default to false so that it's backwards compatible with existing code which already calls |
|
It's about time to drop Python 2.6 anyway, it's been EOL since 2013 and many packages have already dropped support meaning it's getting harder to support and test. Luckily, usage is low. Here's the pip installs for musicbrainzngs from PyPI for the last month: Python 3.2 and 3.3 are also now EOL, and have even lower numbers, so you could consider dropping those too. Thoughts? |
|
Considerations for HTTP/HTTPS have come up again for whipper-team/whipper#210 - @alastair, how would you feel about this as a GCI task? :) |
|
Considering that Python 2 will be dead in less than a year, maybe we can just bump the minimum version for the next release (0.7 or 1.0) to Python 2.7.6+ and any future releases by Python 3 only? |
This adds a new "global" `https` boolean variable. This variable will be True by default, but if `set_hostname()` gets called it will default to False. This should allow both using coverartarchive.org over HTTPS by default, but anyone that have a script setting a custom server (that may not support HTTPS) will continue to work as well. Related to alastair#197 Signed-off-by: Frederik “Freso” S. Olesen <freso.dk@gmail.com>
This adds a new "global" `https` boolean variable. This variable will be True by default, but if `set_hostname()` gets called it will default to False. This should allow both using musicbrainz.org over HTTPS by default, but anyone that have a script setting a custom server (that may not support HTTPS) will continue to work as well. Fixes alastair#197 Signed-off-by: Frederik “Freso” S. Olesen <freso.dk@gmail.com>
This adds a new "global" `https` boolean variable. This variable will be True by default, but if `set_hostname()` gets called it will default to False. This should allow both using coverartarchive.org over HTTPS by default, but anyone that have a script setting a custom server (that may not support HTTPS) will continue to work as well. Related to alastair#197 Signed-off-by: Frederik “Freso” S. Olesen <freso.dk@gmail.com>
MusicBrainz is now planning to go all HTTPS-only in the future. To begin with, only the non-/ws/ sections of the page with be HTTPS-only, but it is planned that eventually everything will only be accessible through HTTPS - so python-musicbrainzngs should probably make the switch sooner rather than later. :)
Relevant upstream ticket: https://tickets.musicbrainz.org/browse/MBH-363
The text was updated successfully, but these errors were encountered: