further improvement ideas for the API
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Libravatar (obsolete) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Hi.
This is again all about the API (http://
1) IMHO it could eventually become problematic, that the access URL doesn't contain the digest type, i.e. it's just
http://
and not
http://
or e.g.
http://
or something like that.
Even though it seems unlikely right now, one might in some future distant want to change the hash algo, probably less because of security per se, but rather as MD5/SHA256 might no longer be widespread...
And the size of the hash alone is not enough to tell the type... future ones will also use the "common lengths".
2) The API should specify, that DNS SRV resolution MUST be performed (first!!).
I see the point why you handle http://
3) The standard says nothing about whether both, MD5 and SHA256 must be in place on the server, or whether (and in which order) clients would need to try.
4) I would add that client's are allowed to directly access the "real" filenames i.e. "<email address hidden>?s=xxx
5) It should be specified, that HTTP content negotiation is "allowed" to be used...
e.g. http://
could lead to either a PNG, JPEG or SVG file, depending on what the client preferred.
6) I would add a "servers SHOULD provide the images at least as PNG files",... to have a common subset
7) the s= parameter should be clarified as follows:
A client can express a "wish" that he wan'ts a file sized xxx...
If the server has it,... he should return it,... if not, he should return the next larger version.
so far this is nothing new.. but:
It's mandartory for the client (library/etc.) to resize the image to desired size, if it doesn't have that already.
Cause the users of the libraries, need to be sure that the size is what they wished (or otherwise their layout might get broken).
8) I'd further add a note, that the current size limit might be changed later on.
9) IMHO it's a deficiency that only square images are supported.
All this would be nice in an RFC ;-)
Cheers,
Chris.
btw: Allowing vectorised images, of course adds the problematic, that the s= parameter is kinda useless... so one would have to think about this.
> This is again all about the API (http:// wiki.libravatar .org/api/), which, AFAIKU, is kind of the standard
> definition of the "avatars" service
Tha'ts indeed the main place, though we have started a spec outline here:
https:/ /libravatar. etherpad. catalyst. net.nz/ draft-spec
after a discussion on the mailing list.
> 1) IMHO it could eventually become problematic, that the access URL doesn't contain the digest type
Good point. Let's track this in bug #1162617.
> 2) The API should specify, that DNS SRV resolution MUST be performed (first!!).
I've just changed the "should" to a "must" on the API page of the wiki. Did you have anything else in mind in terms of tweaking how this part is phrased?
> 3) The standard says nothing about whether both, MD5 and SHA256 must be in place on the server, or
> whether (and in which order) clients would need to try.
I've just added this to the draft spec.
> 4) I would add that client's are allowed to directly access the "real" filenames i.e. "<email address hidden>?s=xxx
I don't understand what you mean by that.
> 5) It should be specified, that HTTP content negotiation is "allowed" to be used...
Good point. I've added it to a new "Image formats" section of the draft spec.
> 6) I would add a "servers SHOULD provide the images at least as PNG files",... to have a common subset
Are you sure that's necessary? The alternative would be to leave it up to the server to negotiate the right format with the client.
> 7) the s= parameter should be clarified as follows
> 8) I'd further add a note, that the current size limit might be changed later on.
Most of these were clarified on the mailing list and are already in the draft spec, but I've added your point about non-browser clients needing to resize the image themselves.
> 9) IMHO it's a deficiency that only square images are supported.
The reason why it's like that in Libravatar is for compatibility with Gravatar. I suspect that the reason why Gravatar chose to require square images is to enable sites to specify image width and height. If width != height, then you have no way of setting these attributes automatically in the browser and that can cause a lot of unnecessary reflows.
> All this would be nice in an RFC ;-)
I agree :) If you want to help (or lead that effort), feel free to join the mailing list:
https:/ /launchpad. net/~libravatar -fans
Cheers,
Francois