Roon Server suggestion

I was looking at the RoonServer logs and noticed multiple entries like:

‘Debug: [easyhttp] [54277] POST to http://ws.audioscrobbler.com/2.0/…’
‘Debug: [easyhttp] [54319] GET to http://sp-pr-fa.audio.tidal.com
etc

May I suggest that Roon switches to an HTTPS alternative to easyhttp ?

EDIT: Missed that there are also ‘[easyhttp] POST/GET to https://’ requests, so you can just change all http to https requests - much easier to implement.

(You can never have too much security and I’m not being paranoid :slight_smile: )

Thank you

PS: Where is the ‘feedback’ category?
Do I need glasses or there isn’t one? :thinking:

Are we sure that these servers run https?

#feedback

Yes, pretty sure that most if not all services like https://ws.audioscrobbler.com/ and Tidal support https.

FYI: Why is HTTP not secure?

PS: can you please move this port to the # feedback thread?

Moved

Just because audioscrobbler.com and tidal.com com do, does not necessarily mean that the subdomains used here do. Of course general traffic to Tidal is https but aren’t the actual music data streams http? I thought so

https://ws.audioscrobbler.com/ just says (note “http”)

Please visit http://www.last.fm/api

Thank you

even if some are still (as http is deprecated), you can use https for the ones that support it. Can not test it as I don’t have access to the various APIs that Roon uses, thus the suggestion …

That’s why I was asking whether we are sure that the examples here do support it. I don’t know, but maybe there’s a reason that http is used here

According to Wikipedia, only HTTP/0.9 is formally deprecated. Not everything must be encrypted

try this instead:
https://ws.audioscrobbler.com/2.0/

1 Like

From my logs - the Actual line is:
“[easyhttp] [126158] GET to http://sp-pr-fa.audio.tidal.com …”

Try this:
https://sp-pr-fa.audio.tidal.com/mediatracks/CAEaKRInODZjNmFhZjBjNjI0ODA1M2FjZTk5MzNhY2IxMWU4YzVfNjEubXA0/0.flac?token=1696605767~NWVlMzYwMjcwOTAxM2QxZDY5MTJjOGE0ZTkwZmJjNDg5YmRjZTAzMg==
(returns an error since the token has expired)

I looked a bit because I was bored and the examples in the Scrobbling API documentation and elsewhere use http and it says:

As with all our write web services, requests must be sent as HTTP POST requests to http://ws.audioscrobbler.com/2.0/ with form urlencoded parameters in the body of the request. The text encoding must be UTF-8.

LastFM’s API hasn’t been updated much since I first signed up (ages ago), and it’s not up to us to figure out what works and what not, but as long as that https post request gets an xml reply like this:

Sample Response

<?xml version='1.0' encoding='utf-8'?>
<lfm status="ok">
  <nowplaying>
    <track corrected="0">Test Track</track>
    <artist corrected="0">Test Artist</artist>
    <album corrected="0"></album>
    <albumArtist corrected="0"></albumArtist>
    <ignoredMessage code="0"></ignoredMessage>
  </nowplaying>
</lfm>

it should be ok

Yeah sure, but do they?

Apparently since at least 2016

1 Like