Project

General

Profile

Feature #14411

URI#secure?

Added by artur86 (Artur Beljajev) 4 months ago. Updated 4 months ago.

Status:
Open
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:85156]

Description

I wonder if some predicate method (say #secure?) could be added to URI::Generic class. Currently the only way to query if uri is secure is:

uri.instance_of?(URI::HTTPS)

Inspired by this question: https://stackoverflow.com/questions/2212735/ruby-checking-if-uri-is-https

History

#1 Updated by artur86 (Artur Beljajev) 4 months ago

  • Description updated (diff)

#2 Updated by artur86 (Artur Beljajev) 4 months ago

  • Description updated (diff)

#3 Updated by artur86 (Artur Beljajev) 4 months ago

  • Description updated (diff)

#4 Updated by artur86 (Artur Beljajev) 4 months ago

  • Description updated (diff)

#5 [ruby-core:85157] Updated by shevegen (Robert A. Heiler) 4 months ago

I think this may be a good suggestion, assuming that there is no simpler
API.

The examples on stackoverflow seem very verbose which is often not a
good sign - either the documentation is not good so people can not
find a shorter variant; or no shorter variant exists.

So .secure? seems good to me.

You may have to get someone from the ruby core team and/or matz to
give the go-ahead for the API proposal.

If I understand it correctly the method will return a boolean result
(true/false), and the only check that can yield true is if the URI
scheme uses https, right? (I am just asking in the event that the
method is to be added, so that people can also add documentation
and the desired behaviour to it.)

#6 [ruby-core:85158] Updated by artur86 (Artur Beljajev) 4 months ago

Thank you for your feedback, Robert! You got it absolutely right in terms of implementation. Base class might always return false, whereas HTTPS class should return true then.

I would be happy to implement it.

#7 [ruby-core:85176] Updated by nobu (Nobuyoshi Nakada) 4 months ago

Net::HTTP and Net::POP have #use_ssl? method.
Shouldn't URI libraries follow them?

#8 [ruby-core:85182] Updated by artur86 (Artur Beljajev) 4 months ago

#secure? looks more concise and abstract to me, whereas #use_ssl? is good in terms of consistency. Perhaps #secure? might be aliased to #use_ssl in other Net classes?

#9 [ruby-core:85201] Updated by duerst (Martin Dürst) 4 months ago

#use_ssl? will answer what it is being asked, namely whether SSL is used or not. Aliasing that to #secure? will give the wrong impression; there are many different ways to use SSL and still not be 'secure'. So please avoid method names that can give the wrong impression.

#10 [ruby-core:85227] Updated by artur86 (Artur Beljajev) 4 months ago

I agree that #secure? might not be good for existing Net::* classes, but how about URI? Do you still think it should also be called use_ssl?? I am happy with both of the options, but I wonder how is usually this kind of debates solved? Is there some person who makes final decision, say Matz?

What are the next steps? Should I wait for someone's confirmation to go ahead?

#11 [ruby-core:85239] Updated by phluid61 (Matthew Kerwin) 4 months ago

Would this predicate (whatever it's called) return true for an sftp URI? XMPP?

If so, do you not still have to test for HTTP(S) explicitly? So what value does it add?

And if not, don't you just want an #is_https? predicate?

#13 [ruby-core:85256] Updated by sos4nt (Stefan Schüßler) 4 months ago

artur86 (Artur Beljajev) wrote:

Base class might always return false, whereas HTTPS class should return true then.

Note that you can change the scheme:

uri = URI('http://example.com/')
uri.scheme = 'https'

uri         #=> #<URI::HTTP https://example.com/>
uri.class   #=> URI::HTTP
uri.scheme  #=> "https"

#14 [ruby-core:85257] Updated by artur86 (Artur Beljajev) 4 months ago

sos4nt (Stefan Schüßler) wrote:

artur86 (Artur Beljajev) wrote:

Base class might always return false, whereas HTTPS class should return true then.

Note that you can change the scheme:

uri = URI('http://example.com/')
uri.scheme = 'https'

My fault. I assumed it is immutable, for some reason. Then it will check current scheme dynamically.

#15 [ruby-core:85259] Updated by znz (Kazuhiro NISHIYAMA) 4 months ago

  • I think scheme is incomplete to detect secure or not.
    • postgres scheme use with/without ssl.
    • mailto does depend on transport.
  • And secure protocols without ssl exist.
    • S-HTTP is secure but does not use ssl.

#16 [ruby-core:85501] Updated by artur86 (Artur Beljajev) 4 months ago

Perhaps #https? might work? (as phluid61 actually suggested with the only difference that "is" is "#...?" in Ruby)

Used in Rails: https://github.com/rails/rails/blob/2090615d39c071c9eb25e715275eb79f3f9b6266/actionpack/lib/action_dispatch/testing/integration.rb#L250

Also available in: Atom PDF