posted on 2015-08-07
TBRSS is SSL-only, but many feeds are HTTP-only, and many of those feeds have images. In modern browsers, insecure assets – including images – generate mixed-content warnings, at varying levels of severity.
In the context of a feed reader, such warnings are useless. But as browsers are moving towards more secure defaults, it seems wise to fix the issue before it becomes a problem.
The basic technique is nothing new. You can read about the details in a GitHub blog post from 2010 – in short, insecure URLs are fetched through a secure proxy.
This is what TBRSS does, with one bandwidth-saving complication: we parse the rules from the HTTPS Everywhere extension and, when possible, directly re-write insecure URLs to their secure equivalents – in which case no proxy is needed.
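The rewrite-or-proxy decision described above, sketched in Python as an added example (it is not TBRSS's own code). The ruleset is constructed in the HTTPS Everywhere XML layout, and the proxy origin, key and HMAC-signed URL scheme are assumptions made for illustration; the page does not say how TBRSS builds its proxy URLs.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed ruleset in the HTTPS Everywhere XML layout (not a real rule file).
RULESET = r"""
<ruleset name="Example (constructed)">
  <target host="example.com" />
  <target host="*.example.com" />
  <exclusion pattern="^http://legacy\.example\.com/" />
  <rule from="^http://(www\.|img\.)?example\.com/" to="https://$1example.com/" />
</ruleset>
"""
PROXY = "https://imgproxy.reader.invalid"  # hypothetical proxy origin
PROXY_KEY = b"constructed-demo-key"        # assumption: secret shared with the proxy

def load_ruleset(xml_text):
    root = ET.fromstring(xml_text)
    # Rules use JavaScript-style $1 references; convert them to Python's \g<1>.
    rules = [(re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\g<\1>", r.get("to")))
             for r in root.iter("rule")]
    return {"targets": [t.get("host") for t in root.iter("target")],
            "exclusions": [re.compile(e.get("pattern")) for e in root.iter("exclusion")],
            "rules": rules}

def rewrite(url, rs):
    """Return the HTTPS equivalent of url, or None if no rule applies."""
    host = (urlsplit(url).hostname or "").lower()
    if not any(fnmatchcase(host, t) for t in rs["targets"]):
        return None
    if any(x.search(url) for x in rs["exclusions"]):
        return None
    for pattern, to in rs["rules"]:  # first matching rule wins
        new, n = pattern.subn(to, url, count=1)
        if n and new.startswith("https://"):
            return new
    return None

def secure_image_url(url, rs):
    if urlsplit(url).scheme == "https":
        return url
    direct = rewrite(url, rs)
    if direct:
        return direct
    # Fallback: proxy URL carrying an HMAC so the proxy only fetches URLs we issued.
    mac = hmac.new(PROXY_KEY, url.encode(), hashlib.sha256).hexdigest()
    return f"{PROXY}/{mac}/{url.encode().hex()}"
```

Only URLs that miss every rule, or hit an exclusion, cost proxy bandwidth; the rest are served directly from the origin over HTTPS.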
posted on 2015-08-05
I am pleased to report that, after a long (but not unreasonable) delay, that second pull request has been made and merged, and stock Drakma can be used with SNI-enabled hosts.