Accessing SSL enabled Google Apps feed with http protocol
Building an app using a calendar on a Google Apps domain that has SSL enforced domain-wide. I initially found the problem when building a Rails app using the GCal4Ruby library, which used the allcalendars feed URL with a non-SSL protocol (GCal4Ruby debug output snippet [sic]):
…
url = http://www.google.com/calendar/feeds/default/allcalendars/full
Starting post
Header: AuthorizationGoogleLogin auth=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxGData-Version2.1
Redirect recieved, resending get to https://www.google.com/calendar/feeds/default/allcalendars/full?gsessionid=xxxxxxxxxxxxxxxxxxxxxx
Redirect recieved, resending get to https://www.google.com/calendar/feeds/default/allcalendars/full?gsessionid=xxxxxxxxxxxxxxxxxxxxxx
Redirect recieved, resending get to https://www.google.com/ca开发者_运维问答lendar/feeds/default/allcalendars/full?gsessionid=xxxxxxxxxxxxxxxxxxxxxx
…
This was interesting because it seemed to continue forever. I think I've fixed this in GCal4Ruby locally by creating the ability to use the allcalendars feed with the HTTPS protocol (i.e: https://www.google.com/calendar/feeds/default/allcalendars/full
).
The thing that worries me is that I see no mention of the allcalendars feed needing to specify the HTTPS protocol in the Google documentation. That, and the fact that when I access the same domain using the Zend GData library in PHP, it works fine accessing the non-SSL private feed (i.e. http://www.google.com/calendar/feeds/r-calendar.com_xxxxxxxxxxxxxxxxxxxxxxxxxxx%40group.calendar.google.com/private/full
).
So, the question: What am I misunderstanding? Is it just the allcalendars feed that needs to be accessed with SSL and the rest of the private feeds can safely use the authentication token?
Anyone have any insight, or pointers to some good docs?
So, it looks like perhaps redirect to the normal URL is normal for authentication, but that the library is not handling the redirect correctly because of some differences between the way Google Apps and Accounts work on the backend. This is in contrast to the Zend library, which seems to handle this more robustly. That's my current guess, anyway.
精彩评论