From 0cc7a4add8b919757bb8515744efa3141bc059ef Mon Sep 17 00:00:00 2001
From: tomaioo <hongsaygio.com@gmail.com>
Date: Mon, 11 May 2026 23:13:00 -0700
Subject: [PATCH] fix(security): insecure http urls in location service

The location service uses HTTP URLs instead of HTTPS for network requests to geojs.io, ip-api.com, and ipwho.is. This exposes users to potential Man-in-the-Middle (MITM) attacks where an attacker could intercept or manipulate location data.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
---
 .../5.4/src/service/location.py                             | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cinnamon-dynamic-wallpaper@TobiZog/files/cinnamon-dynamic-wallpaper@TobiZog/5.4/src/service/location.py b/cinnamon-dynamic-wallpaper@TobiZog/files/cinnamon-dynamic-wallpaper@TobiZog/5.4/src/service/location.py
index 40831a1c..761e029e 100644
--- a/cinnamon-dynamic-wallpaper@TobiZog/files/cinnamon-dynamic-wallpaper@TobiZog/5.4/src/service/location.py
+++ b/cinnamon-dynamic-wallpaper@TobiZog/files/cinnamon-dynamic-wallpaper@TobiZog/5.4/src/service/location.py
@@ -11,11 +11,11 @@ def get_location(self, provider: NetworkLocationProvider) -> dict:
         dict: latitude and longitude
     """
     if provider == NetworkLocationProvider.GEOJS:
-      url = "http://get.geojs.io/v1/ip/geo.json"
+      url = "https://get.geojs.io/v1/ip/geo.json"
     elif provider == NetworkLocationProvider.IPAPI:
-      url = "http://ip-api.com/json/?fields=61439"
+      url = "https://ip-api.com/json/?fields=61439"
     elif provider == NetworkLocationProvider.IPWHOIS:
-      url = "http://ipwho.is"
+      url = "https://ipwho.is"
 
     try:
       request = urllib.request.urlopen(url)