Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update README to reflect initial functionality.
- Loading branch information
Showing
1 changed file
with
32 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,33 @@ | ||
expurgate | ||
========= | ||
# expurgate | ||
|
||
Running an SSL site? Don't want mixed content? Expurgate lets you serve non-HTTPS content over HTTPS! | ||
Running an SSL site? Don't want mixed content warnings? Expurgate lets you serve external, non-HTTPS content over HTTPS! | ||
|
||
## How it works | ||
|
||
Server-side, you route all your HTTP calls to images to an HTTPS call to expurgate, which might look like: | ||
|
||
https://example.com/expurgate.php?checksum=foo&url=http://example.net/foo.jpg | ||
|
||
Expurgate will then fetch http://example.net/foo.jpg and serve it over SSL — meaning that every request on your page is still encrypted, and your users see no mixed content warnings. | ||
|
||
## What's this checksum? | ||
|
||
So that not just anyone can request images — which would make you, in effect, a free image hosting service — the code calling expurgate is expected to generate a checksum to authenticate its request. This is an SHA-256 [HMAC][] value, based on a shared secret known by both the calling code and expurgate — but not by the viewer of the page. | ||
|
||
[HMAC]: http://en.wikipedia.org/wiki/HMAC | ||
|
||
So, to generate the checksum in the above example, the calling code would look like: | ||
|
||
<?php | ||
$url = 'http://example.net/foo.jpg'; | ||
|
||
$key = file_get_contents('cache/key.txt'); | ||
|
||
$checksum = hash_hmac('sha256', $url, $key); | ||
?> | ||
|
||
<img src="https://example.com/expurgate.php?checksum=<?php echo $checksum ?>&url=<?php echo urlencode($url) ?>" /> | ||
|
||
## Requirements | ||
|
||
PHP >5.2.0 with hash functions. |