-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pokémon Proxy API: HTTPS replaced with HTTP in API response #597
Comments
Thanks for bringing this to our attention, @lasjorg. I'm not sure why exactly the protocol is changing there where it should be HTTPS in the vast majority of cases. It's possible it has something to do with running Express within Docker, or with our Caddy setup. Either way, I think I tried to get a bit too fancy here, and was trying to get the resource links to work locally in development (http://localhost:/api...), and in production. The protocol could be handled much more simply. I did a quick test, and should have a working solution for this. |
Describe the bug
The "get all" endpoint of the proxy is replacing the original API HTTPS links with HTTP, causing CORS blocking (mixed content). This happens if campers fetches all Pokémon and then uses the
url
property from the response to fetch with.To Reproduce
https://pokeapi-proxy.freecodecamp.rocks/api/pokemon
Response (truncated to single object):
I assume it is happening on line 28
https://github.com/freeCodeCamp/demo-projects/blob/aa9397157a6948de46951cf8a6af28cebf4a8f83/apps/pokeapi-proxy/api/pokemon/pokemon.handlers.mjs#L28C18-L28C30
Can't say I know why
req.protocol
would be HTTP and not HTTPS in production. Maybe it is related to Docker. Not sure if setting "trust proxy" in the express app would do anything (docs). I assume it would HTTP in dev, so I'm not sure how to test this.@scissorsneedfoodtoo Any idea why this is happening?
Expected behavior
HTTPS API links in production.
Additional context
There are quite a few examples of this happening, but here is the latest forum post I saw.
https://forum.freecodecamp.org/t/build-a-pokemon-search-app-project-error-fetching-pokemo-data-mixed-content-error-solved/690083
The text was updated successfully, but these errors were encountered: