Week 021 — Geolocation, HTTPS, and a Relative Path

HTTPS is easy to forget about until geolocation needs it.

Week of April 7, 2025

Progress

The found item API backend got its first real implementation this week: the finder submits their information, the backend receives it, stores the relevant data in the lost_items table, and returns a response. Image upload is working in this flow — the found picture gets processed and attached to the lost item record.

Geolocation collection was added for the "leave in place" return option. The finder's coordinates are captured and stored with the found report, which will eventually let the owner see where the item is on a map. The complication: geolocation requires HTTPS, and the development environment was still HTTP-only. Set up HTTPS in Docker using a self-signed certificate. Browsers still flag it as untrusted — that's the nature of self-issued certs — but the geolocation API works.

The user class refactor got some movement, and the found page now handles both the logged-in and logged-out finder cases — loading the user's contact information for logged-in finders, and showing a contact info form for those who aren't registered.

The Hard Part

The logout function stopped working on the found page. It worked fine on the items page. The difference: the found page is served at a path like /found/abc123, not at root. When the JavaScript fetch() call used a relative path to reach api/api-logout, the browser resolved it relative to /found/, not to root — ending up at /found/api/api-logout, which doesn't exist.

Fixed by switching to an absolute path. Second relative path bug fixed in the same day. After this one, started a personal policy of always using absolute paths in fetch() calls.

Learnings

Relative paths in fetch calls behave like relative paths in HTML — relative to the document's URL, not the project root. A page served at a nested URL breaks any fetch that assumes root-relative behavior.

Next Week

The found item end-to-end flow is close. Image resize is still on the list — currently images are uploaded at full size, which is unnecessarily large for this use case. Researching client-side resize before upload.