auth.getMobileSession should use HTTPS

[maxkueng]

According to the documentation, the auth.getMobileSession method will not work over plain HTTP. HTTPS should be used instead.

The returned error object looks like this:

{ error: 4,
  message: 'You must use HTTPS in order to use this method.',
  links: [] }

[maxkueng]

Hi James

I thought this should do the trick but it doesn't. Now the request returns a non-JSON (i.e. HTML) response saying the document has permanently moved to localhost. It's really weird. Do you have an idea what could be wrong? Maybe the Last.fm API is mad?

Cheers Max

PS: How to convert a GitHub issue into a pull-request - pretty cool

The response body:

<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/0.7.65</center>
</body>
</html>

The response headers:

{ server: 'nginx/0.7.65',
  date: 'Sat, 19 Jan 2013 21:05:03 GMT',
  'content-type': 'text/html',
  'content-length': '185',
  location: 'https://localhost:445/2.0/',
  connection: 'keep-alive' }

The options for http(s).request:

{ host: 'ws.audioscrobbler.com',
  port: 443,
  path: '/2.0',
  method: 'POST',
  headers: 
   { 'User-Agent': 'lastfm-node',
     'Content-Length': 162,
     'Content-Type': 'application/x-www-form-urlencoded' } }

And the body for the POST request:

username=**********&password=**********&method=auth.getMobileSession&api_key=********************************&format=json&api_sig=********************************

[maxkueng]

I think I broke something. Will have to go over it again.

[jammus]

Thanks for the heads up, Max. I'll have a look and see if I can see what's happening too.