Feature #14411
openURI#secure?
Description
I wonder if some predicate method (say #secure?) could be added to URI::Generic class. Currently the only way to query if uri is secure is:
uri.instance_of?(URI::HTTPS)
Inspired by this question: https://stackoverflow.com/questions/2212735/ruby-checking-if-uri-is-https
Updated by shevegen (Robert A. Heiler) almost 7 years ago
I think this may be a good suggestion, assuming that there is no simpler
API.
The examples on stackoverflow seem very verbose which is often not a
good sign - either the documentation is not good so people can not
find a shorter variant; or no shorter variant exists.
So .secure? seems good to me.
You may have to get someone from the ruby core team and/or matz to
give the go-ahead for the API proposal.
If I understand it correctly the method will return a boolean result
(true/false), and the only check that can yield true is if the URI
scheme uses https, right? (I am just asking in the event that the
method is to be added, so that people can also add documentation
and the desired behaviour to it.)
Updated by artur86 (Artur *) almost 7 years ago
Thank you for your feedback, Robert! You got it absolutely right in terms of implementation. Base class might always return false, whereas HTTPS class should return true then.
I would be happy to implement it.
Updated by nobu (Nobuyoshi Nakada) almost 7 years ago
Net::HTTP
and Net::POP
have #use_ssl?
method.
Shouldn't URI
libraries follow them?
Updated by artur86 (Artur *) almost 7 years ago
#secure?
looks more concise and abstract to me, whereas #use_ssl?
is good in terms of consistency. Perhaps #secure?
might be aliased to #use_ssl
in other Net
classes?
Updated by duerst (Martin Dürst) almost 7 years ago
#use_ssl?
will answer what it is being asked, namely whether SSL is used or not. Aliasing that to #secure?
will give the wrong impression; there are many different ways to use SSL and still not be 'secure'. So please avoid method names that can give the wrong impression.
Updated by artur86 (Artur *) almost 7 years ago
I agree that #secure?
might not be good for existing Net::*
classes, but how about URI
? Do you still think it should also be called use_ssl?
? I am happy with both of the options, but I wonder how is usually this kind of debates solved? Is there some person who makes final decision, say Matz?
What are the next steps? Should I wait for someone's confirmation to go ahead?
Updated by phluid61 (Matthew Kerwin) almost 7 years ago
Would this predicate (whatever it's called) return true for an sftp URI? XMPP?
If so, do you not still have to test for HTTP(S) explicitly? So what value does it add?
And if not, don't you just want an #is_https?
predicate?
Updated by artur86 (Artur *) almost 7 years ago
Updated by sos4nt (Stefan Schüßler) almost 7 years ago
artur86 (Artur Beljajev) wrote:
Base class might always return false, whereas HTTPS class should return true then.
Note that you can change the scheme:
uri = URI('http://example.com/')
uri.scheme = 'https'
uri #=> #<URI::HTTP https://example.com/>
uri.class #=> URI::HTTP
uri.scheme #=> "https"
Updated by artur86 (Artur *) almost 7 years ago
sos4nt (Stefan Schüßler) wrote:
artur86 (Artur Beljajev) wrote:
Base class might always return false, whereas HTTPS class should return true then.
Note that you can change the scheme:
uri = URI('http://example.com/') uri.scheme = 'https'
My fault. I assumed it is immutable, for some reason. Then it will check current scheme dynamically.
Updated by znz (Kazuhiro NISHIYAMA) almost 7 years ago
- I think scheme is incomplete to detect secure or not.
- postgres scheme use with/without ssl.
- mailto does depend on transport.
- And secure protocols without ssl exist.
- S-HTTP is secure but does not use ssl.
Updated by artur86 (Artur *) almost 7 years ago
Perhaps #https?
might work? (as phluid61 actually suggested with the only difference that "is" is "#...?" in Ruby)
Used in Rails: https://github.com/rails/rails/blob/2090615d39c071c9eb25e715275eb79f3f9b6266/actionpack/lib/action_dispatch/testing/integration.rb#L250