Difference: WebSampHttps (2 vs. 3)

Revision 32020-10-05 - HugoBuddelmeijer

 
META TOPICPARENT name="SampInfo"

Web SAMP and HTTPS

Changed:
<
<		The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host.
>
>		The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host. There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ constitutes mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.
Deleted:
<
<		There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ constitutes mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.
 
Changed:
<
<		A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice.
>
>		A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice.
  Following discussion at Groningen Interop (2019), some more progress was made that could get HTTPS-based web applications to use the Web Profile as it stands:
Changed:
<
<
  • Felix Stoehr pointed out that this just works in some browsers anyway. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).
>
>
  • Felix Stoehr pointed out that this just works in some browsers anyway. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).
Added:
>
>		These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work. However it's not currently clear which browsers are in which category. A table below summarises reports to date: if you can add to this information by trying it out on your browser/OS platform, please do:
 
Deleted:
<
<		These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work. However it's not currently clear which browsers are in which category. A table below summarises reports to date: if you can add to this information by trying it out on your browser/OS platform, please do:
 

Please help by trying this out using your browser/OS combination(s):

To work out the status of HTTPS+SAMP on your browser/OS, follow these very easy instructions:

  1. Start a SAMP Hub+client on your machine (e.g. run TOPCAT)
Changed:
<
<
  1. Visit this HTTP page. Click the button.
    • A popup should appear asking you to allow SAMP registration from a web application (with an http://... Origin). Accept, and a table should be loaded in TOPCAT. (If this doesn't happen, your problems are not related to HTTPS)
  2. Visit this HTTPS page. Click the button.
>
>
  1. Visit this HTTP page. Click the button.
    • A popup should appear asking you to allow SAMP registration from a web application (with an http://... Origin). Accept, and a table should be loaded in TOPCAT. (If this doesn't happen, your problems are not related to HTTPS)
  2. Visit this HTTPS page. Click the button.
 
    • Either as before, you are prompted to allow registration (for a web app with an https://... Origin) and a table is loaded in TOPCAT as before - this means SAMP+HTTPS does work on your browser
Changed:
<
<
    • Or nothing happens - this means SAMP+HTTPS does not work on your browser.
  1. Record in the table below whether it did or didn't work ("yes" or "no" in the Works out of the box? column)
>
>
    • Or nothing happens - this means SAMP+HTTPS does not work on your browser.
  1. Record in the table below whether it did or didn't work ("yes" or "no" in the Works out of the box? column)
Deleted:
<
<
 If you've done that but don't have easy write access to the wiki, you can mail your results to either m.b.taylor@bristol.ac.uk or apps-samp@ivoa.net.
Changed:
<
<		(If you want to try some more interesting examples, including 2-way communications, others are available: HTTP / HTTPS. I'm expecting that if HTTPS works/fails for one SAMP example it will be the same for all, but if you find different, please report it).
>
>		(If you want to try some more interesting examples, including 2-way communications, others are available: HTTP / HTTPS. I'm expecting that if HTTPS works/fails for one SAMP example it will be the same for all, but if you find different, please report it).
  -- MarkTaylor - 2019-10-05

HTTPS + SAMP Survey
Changed:
<
<
Browser Version OS Works out of the box? Reporter
Chrome 77 Ubuntu yes Felix Stoehr
Chromium 78.0 Ubuntu yes Mark Taylor
Chromium 85.0 Ubuntu yes Mark Taylor
Firefox 70.0.1 OSX Mojave yes Felix Stoehr
Firefox 70.0 Ubuntu no Felix Stoehr
Firefox 59 RHEL6 no Mark Taylor
Firefox 70.0.1 Ubuntu no Mark Taylor
Firefox 81.0 Ubuntu yes Mark Taylor
>
>
Browser Version OS Works out of the box? Reporter
Chrome 77 Ubuntu yes Felix Stoehr
Chromium 78.0 Ubuntu yes Mark Taylor
Chromium 85.0 Ubuntu yes Mark Taylor
Firefox 70.0.1 OSX Mojave yes Felix Stoehr
Firefox 70.0 Ubuntu no Felix Stoehr
Firefox 59 RHEL6 no Mark Taylor
Firefox 70.0.1 Ubuntu no Mark Taylor
Firefox 81.0 Ubuntu yes Mark Taylor
Added:
>
>
Firefox Nightly 75.0 (64-bit) GUIX yes Hugo Buddelmeijer
  For more discussion on this topic, see the apps-samp mailing list.
View topic | History: r25 < r24 < r23 < r22 | More topic actions...
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback