Avatar image for wcarle
#1 Posted by wcarle (339 posts) -

Good news! Giant Bomb is going SSL! But what does that mean for you?

We're enabling SSL as an option for all requests to the site and we will be delivering all our assets linked in our articles and API calls with SSL.

So, for example the URLs in the API responses for images and video will change from:

Images changing from http://static.giantbomb.com to https://static.giantbomb.com

Progressive video (MP4) changing from http://v.giantbomb.com to https://giantbomb-pdl.akamaized.net

Streaming video (M3U8) changing from http://hdv.giantbomb.com to https://giantbomb-vh.akamaihd.net

This shouldn't require any work from you unless you are for some reason manipulating the URLs before requesting them or hard coding the URL protocol, so make sure you're not doing that!

Our timeline for going live with this is the week of March 6th. We plan on forcing SSL for the site as a whole after this change has been up and running for a while. Once that is in place your app should be hitting the SSL URL directly or be able to handle the SSL redirect that we will do automatically

So, in summary:

  • For API applications that explicitly use links in API XML/JSON results, there should be no changes to your app needed since the links will become SSL when this change goes live. If you do have any hard coded hostnames for video or images though, you will need to pay attention to the changes being made.
  • The old non-SSL URLs will continue to work for a short time even after this change goes live. But we highly recommend you make any changes needed as soon as possible. Again, as long as you have no hard coded URLs or hostnames, and are simply using the links provided in API results, no changes will be needed.

If you have any questions feel free to ask below!

Staff
Avatar image for paudle
#2 Edited by paudle (120 posts) -

Hooray for https!

Avatar image for frytup
#3 Posted by frytup (981 posts) -

Encrypt the web, yo.

Avatar image for narfinger
#4 Posted by Narfinger (1 posts) -

Awesome! Do you need to contact EFF to adjust https-everywhere or will this happen automatically?

Avatar image for subkamran
#5 Posted by subkamran (37 posts) -

I've been waiting for this for years, excellent! Thank you so much! I've been proxying through a CDN this whole time (and paying for it) so this is huge.

Avatar image for myniceicelife
#6 Edited by MyNiceIceLife (712 posts) -

Good luck on the change over! The site I work on we changed over at the end of January and managed to come out of it without any issues, but I've heard of it going bad as well.

Avatar image for steveeasley
#7 Posted by steveeasley (17 posts) -

FYI This change is now live!

Staff
Avatar image for hassun
#8 Posted by hassun (9224 posts) -

Delicious https

Avatar image for gentlemen_demon
#9 Edited by Gentlemen_Demon (8 posts) -

@wcarle Thanks for all the hard work!! Great to see this make it onto the site. Does this mean y'all are adding support for HLS for streaming video in iOS apps? If so, are there any guidelines for how to access those .m3u8 playlists (besides spying on video streams from the site)?

Avatar image for wcarle
#10 Posted by wcarle (339 posts) -

@gentlemen_demon:We actually have an endpoint that we use internally. I've been meaning to update it so we can release it to external devs. I just made the changes necessary to do that so it should be available next week. If I forget to message you for some reason feel free to PM me next week for an update!

Staff
Avatar image for scott-r
#11 Posted by Scott-R (28 posts) -

This is fantastic! Can't wait for HLS streaming in the API too!

Avatar image for wcarle
#12 Posted by wcarle (339 posts) -

@scott-r: @gentlemen_demon: just released the Livestream endpoint, details here!

http://www.giantbomb.com/profile/wcarle/blog/new-api-endpoints-for-video/114691/

Staff
Avatar image for wcarle
#13 Posted by wcarle (339 posts) -
Staff
Avatar image for hassun
#14 Posted by hassun (9224 posts) -
Avatar image for okand
#15 Edited by okand (96 posts) -

I normally don't read the forums so I had no idea about this until today when I noticed the site suddenly used https.

Just wanted to say that's awesome!

Avatar image for void
#16 Edited by void (273 posts) -

I might be in a minority here but I kind of wish the API would be available without SSL as well, to still be optional. (Everything else on the site should force SSL , though.)

Reason is that I wanted to implement the HTTP requests myself and not rely on thirdparty software for SSL and TLS, etc. With regular http I could really easily just open a TCP socket and write the expected headers.