og links in posts header are non https and using relative URLs?

[tclaus]

I've opened a post in single Post-view. (is this the correct naming?) and checked the source.

I found out that even that the diaspora service runs a https protocol, the OG - link is a old styled http.
I also found out, that there is a link to an image, but this is a relative link og:image is not a full URL. Is this right? the oG spec refers these links as full qualified links.
https://ogp.me

[denschub]

Huh, that's interesting. The URL is generated using the post_url helper

diaspora/app/presenters/post_presenter.rb

Lines 223 to 225 in 1f32999

	def url
	post_url @post
	end

Which apparently doesn't know if it's running http or https. Looking at the BasePresenter, we already set some URL options:

diaspora/app/presenters/base_presenter.rb

Lines 35 to 37 in 4c74136

	def default_url_options
	{host: AppConfig.pod_uri.host, port: AppConfig.pod_uri.port}
	end

The url_for helper defaults to http. Simply overriding this to https would break tests and local, non-https, development setups. However, adding

protocol: AppConfig.pod_uri.scheme

to that hash should do the job, I think.

[denschub]

Also, I don't quite know why the links in the mails currently have the right protocol, but I think it should not do any harm setting the protocol additionally in ActionMailers defaults, as well as the global route's defaults. I don't currently know any cases where that fails, but I also don't think it can do any harm adding explicit protocol definitions there as well.

One other thing that just came to mind: We don't actually use force_ssl in our current production environment, and the require_ssl flag in the config isn't actually affecting this either. @SuperTux88, are you aware of any side-effects from toggling force_ssl to true if the podmin set require_ssl in their config?