WEB-1080

https://api.mojang.com/user/profile/###/skins and https://api.mojang.com/user/profile/###/cape provide http texture URL causing minecraft.net to load from insecure sources

The bug

The APIs https://api.mojang.com/user/profile/###/skins and https://api.mojang.com/user/profile/###/cape (requires authentication) provide the textures URL using http instead of https as protocol. This causes minecraft.net to load from insecure sources.

[{
    ...
    "type": "SKIN",
    "url": "http://textures.minecraft.net/texture/ce10781622b8cbe9482006b74ff3af6c70f964f8c36bcb7bb088e6c736efcced",
    "visible": true,
    "profileId": "0fec4f7a6a9b4c43ad1b235e7fbc9822",
    "textureId": "ce10781622b8cbe9482006b74ff3af6c70f964f8c36bcb7bb088e6c736efcced",
    "selected": true,
    "deleted": false,
    "version": 2
}]

How to reproduce

Open https://my.minecraft.net/en-us/profile/skin
Login
→ Your browser might indicate that content from insecure sources was loaded

Status:Fixed

Reporter:Marcono1234

Assignee:[Mojang] Web Team

Created:2018-07-16, 08:17 PM

Updated:2022-06-20, 09:03 AM

Resolved:2022-06-13, 01:14 PM

Votes:0

Watchers:1

Labels:http, https, skin