none
blogging over https and absolute links

    Question

  • I am using live writer over https for security reasons. So my blog's url was declared with https in front as I could find no other way to do it. Although this works, it has certain undesirable side effects. For instance, image source urls, that are inevitably absolute (there should be a relative url option), come out with https in front which means that people who view the blog over the usual http will have to view the pictures over https. Another side effect is that live writer will ping using the https url instead of the normal http one.

    Relative linking and https operation that is not associated to the blog's actual url are two absolutely necessary features that nedd to be added.
    Wednesday, April 01, 2009 10:33 AM

Answers

  • Sorry Fotios, currently nothing you can do on the Writer side will fix this problem. Writer uploads an image to the RPC endpoint, and the RPC endpoint replies with a URL where the image can be found. Your blogging software is deciding to return an image URL that begins with https, and it's almost certainly doing that solely because the RPC endpoint itself begins with https.

    You really should ask them to see about fixing the problem--if it's WordPress (for example) there's actually a really good chance that someone will fix it. We try to make things as easy and as secure as we can, but in the end we are usually at the mercy of your blog software's features and bugs.
    • Marked as answer by FBass Thursday, April 02, 2009 11:32 PM
    Thursday, April 02, 2009 10:49 PM
    Owner

All replies

  • Hi FBass,

    Generally blogging software doesn't use relative URLs because RSS/Atom readers don't expect them; any images and links will be broken unless they are absolute.

    The absolute image URLs we use are taken verbatim from your blog software--they decide whether we should use HTTP or HTTPS. It might be worth asking your blog software provider to consider always returning HTTP URLs even when accessing over HTTPS.

    Hope that helps!

    Wednesday, April 01, 2009 4:46 PM
    Owner
  • Hi there,

    thank you for your help.

    Regarding the the relative paths, i did not know of the readers' issue with them - I guess this means that live writer does the safest thing it can do in this case, although having options on how things get done can't be bad (you could always have the absolute url as the default) unless some kind of standard (e.g. an RFC) is violated.

    Regarding the second point I am wondering if declaring the blog site as http://mydomain.com/blog/  and the site's rpc page as https://mydomain.com/rpc will result in having the right blog url while at the same time performing log in and sending all post info over an encrypted link. Would it?

    All I am saying is that I would have expected from live writer to not have reduced to guesswork something as important as setting up secure blogging...

    Cheers,
    Fotios

    Thursday, April 02, 2009 9:03 PM
  • Sorry Fotios, currently nothing you can do on the Writer side will fix this problem. Writer uploads an image to the RPC endpoint, and the RPC endpoint replies with a URL where the image can be found. Your blogging software is deciding to return an image URL that begins with https, and it's almost certainly doing that solely because the RPC endpoint itself begins with https.

    You really should ask them to see about fixing the problem--if it's WordPress (for example) there's actually a really good chance that someone will fix it. We try to make things as easy and as secure as we can, but in the end we are usually at the mercy of your blog software's features and bugs.
    • Marked as answer by FBass Thursday, April 02, 2009 11:32 PM
    Thursday, April 02, 2009 10:49 PM
    Owner
  • Thank you Joe!
    Thursday, April 02, 2009 11:32 PM
  • Joe,

    that does not seem to be entirely correct; the writer is doing something on its side, resolving even relative links to its absolute which really messes my use case up, where I want the users to publish articles to a staging server, that will then be copied over to a production environment. Since I've written the blog software myself, I can absolutely tell that the blog server is sending relative image urls back to writer, but when writer sends the text content, the image urls have been converted to absolutes.

    Please help?

    Tuesday, March 23, 2010 9:57 AM
  • I think that's right--absolute URLs are taken verbatim but relative ones are converted to absolute. It's not a good idea to rely on this behavior though, as I don't think it's obvious what the right base URL is to resolve the image against and whatever Writer is doing is probably just a guess.

    Anyway, I can't tell you for sure because I don't work for Microsoft anymore and don't have access to the code. If you control the blog software, though, why not just return absolutes and convert absolute URLs on the way over to production? That's by far most feasible option I can think of and will cover not only images but also intra-blog links (Insert > Hyperlink > Link to... Previous Post).

    As noted above, RSS readers won't show your images if you have relative image URLs, so I really recommend you go from staging absolute URLs to production absolute URLs, not to relative.

    Hope that helps...

    Tuesday, March 23, 2010 4:21 PM
    Owner