GeoNames Home | Postal Codes | Download / Webservice | About 

GeoNames Forum
  [Search] Search   [Recent Topics] Recent Topics   [Groups] Back to home page 
[Register] Register / 
[Login] Login 
Please provide HTTPS for free webservices too  XML
Forum Index -> General
Author Message
sammycemmy



Joined: 24/07/2013 10:24:11
Messages: 3
Offline

Dear GeoNames team!

During the last couple of years secure HTTPS is becoming more and more popular not only in commercial use but also especially within the private use of Webservices. For example take the "Let's Encrypt project" or the fact that Browser developers like Google or Firefox are pushing the use of HTTPS and restricting the use of unsecure HTTP services more and more in the coming future.

So the use of HTTPS instead of HTTP shouldn't be a premium feature any longer, like is has been meaningful maybe some years before. Instead HTTPS should nowadays be the standard proctocol for each kind of Webservice, HTTP shouldn't be used at all if possible.

So it's very ok if you still differ between free and premium services. But I kindly ask you to please remove the HTTPS protocol out of this differenciation and provide each service by HTTPS.

For example when I'm running a HTTPS-Website, I'm not able to use your free elevation Webservice. Because of each modern Browser is forbidding the contact of HTTP-services integrated within HTTPS-projects. So I'm forced to use other services like Google Maps APIs etc. and not using Geonames any more.

If more and more Website/App developers are facing these problems and saying goodbye to genonames.org, this would be a pity for the future of your great, opensource site...
marc



Joined: 08/12/2005 07:39:47
Messages: 3909
Offline

Hi

An ssl endpoint is available at https://secure.geonames.org/

Best Regards

Marc

[WWW]
sammycemmy



Joined: 24/07/2013 10:24:11
Messages: 3
Offline

Hi Marc, thank you very much!

But I think it is also important that the secure version is using exactly the same URL-scheme as the non-secure version. So each developer and/or user can simply get the secure version of a service by changing "http://" to "https://". This is the usual way of secure websites.

For example:

http://api.geonames.org/astergdemXML?lat=50.01&lng=10.2&username=demo
should also be available as
https://api.geonames.org/astergdemXML?lat=50.01&lng=10.2&username=demo
 
Forum Index -> General
Go to:   
Powered by JForum 2.1.5 © JForum Team