![]() For the transmission of some sensitive information, such as credit card numbers, passwords, etc. Therefore, the HTTP protocol is not applicable. An attacker can easily intercept the clear text data transmitted between the client and the website server through data packet capture, and directly obtain important information. The HTTP protocol sends content in clear text and does not provide any data encryption. These functions make the WeChat official account a big data center, and at the same time make everyone have higher expectations for information security. Guangdong Unicom, China Merchants Bank Credit Card Center, China Southern Airlines and other companies have begun to provide services based on the official account the "Shenzhen Traffic Police" official account uses WeChat as the entrance, allowing users to enjoy scan code payment, face authentication to bind vehicles and driver's licenses, WeChat payment electronic Receipt and other functions WeChat's new function "WeChat Payment Merchant Assistant" applet, which can obtain recent customer consumption data and other content Hundreds of millions of people use various services such as appointment registration and takeaway orders on the official account. Nowadays, more and more WeChat official accounts are empowered, and functions such as login authorization, obtaining basic user information, and obtaining user geographic location are gradually opened to WeChat authentication accounts. In recent years, WeChat has continuously opened up various interface capabilities and data capabilities of the platform to third parties, allowing third parties to help the official account meet vertical industry needs. Why does the WeChat interface have to use HTTPS? But starting from December 30 this year, only the more secure HTTPS can call the interface, thus ensuring the security of users' personal information. It can be successfully called whether using http or https before. Basic information, such as nickname, avatar, gender, city area, etc. Taking H5 as an example, when we first logged in to the H5 page, it would display "This page is developed by XXX, please confirm the authorization of the following information", which means that the H5 is accessing the WeChat server, and the individual of the WeChat user needs to be called from the WeChat server. For URL access to .com from programming languages such as javascript, please change from HTTP to HTTPS. ![]() If the HTML page accesses the URL of .com, if it is HTTP, please specify HTTPS directly. For the modification method, please check the support of HTTPS in various programming languages. The background program calls the interface of .com, using the HTTPS method, and connecting to port 443. Suggestions for switching the interface calling method to HTTPS calling: 1. The platform will stop supporting HTTP calls on December 30, 2017. To avoid affecting services that contain HTTP calls in normal use, developers are requested to adjust as soon as possible, and switch existing HTTP calls to HTTPS calls. WeChat Announcement Text: To ensure data transmission security and improve business security, the official platform will no longer support HTTP calls. WeChat Official Account API Stops Supporting HTTP Calls There are 3 months left until the deadline required by WeChat, how can developers quickly upgrade the relevant servers to HTTPS encryption within 3 months? In September, the WeChat public platform issued an announcement requiring developers to switch existing services called via HTTP to HTTPS calls as soon as possible.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |