-
Bug
-
Resolution: Fixed
-
Normal
-
None
-
None
https://api.acoustid.org first shows a cert for www.acoustid.org, and then it redirects to acoustid.org. No API results at any point. http://api.acoustid.org (which is what's currently in the scripts) gets rejected as loading insecure content via XHR, at least by my browser.
So, two things need to happen:
a.) acoustid API needs to be accessible over https with a valid certificate
b.) MBS needs to use scheme-relative links for loading acoustid API data in root/recording/fingerprints.tt
- is related to
-
MBS-2411 Login page should be encrypted (SSL/TLS)
-
- Closed
-
[MBS-5347] acoustid API isn't available nor requested over https, so on https musicbrainz-server acoustids don't appear
Should work now. It uses SNI, so MSIE users on Windows XP still get the www.acoustid.org certificate, but I can live with that. 
https://api.acoustid.org/v2/track/list_by_mbid?format=xml&mbid=c03e05a3-3f6b-4f3a-93ef-66057786d072
I totally forgot that it's using JSONP to fetch the data. In that case, yes, HTTPS is probably a must. I'll have a look at that.
To my knowledge, that'd be the only way to have the acoustid listings work on an https musicbrainz (except of course if we start pulling acoustid information and reading from our own database). What's your concern with enabling the API over https?
Assigning this to luks for step 1 – feel free to pester me if you want a tester/SSL auditor/whatever though
Fix version wasn't added for some reason, so this wasn't closed.