Web SAMP and HTTPS

The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host. There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ constitutes mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.

A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice.

Following discussion at Groningen Interop (2019), some more progress was made that could get HTTPS-based web applications to use the Web Profile as it stands:

  • Sonia Zorba prepared a browser extension samp-browser-extension that lets browsers do this
  • Felix Stoehr pointed out that this just works in some browsers anyway. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).

These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work. However it's not currently clear which browsers are in which category. A table below summarises reports to date: if you can add to this information by trying it out on your browser/OS platform, please do.

Note: I'm trying to get an HTTPS service set up on my machine so that I can give clear instructions how to make these tests. I will publicise this survey better when I've done that.

-- MarkTaylor - 2019-11-22

Survey
Browser Version OS Works out of the box? Works with samp-browser-extension Reporter
Chrome 77 Ubuntu yes   Felix Stoehr
Chromium 78.0 Ubuntu yes   Mark Taylor
Firefox 70.0.1 OSX Mojave yes   Felix Stoehr
Firefox 70.0 Ubuntu no   Felix Stoehr
Firefox 59 RHEL6 no   Mark Taylor
Firefox 70.0.1 Ubuntu no   Mark Taylor

For more discussion on this topic, see the apps-samp mailing list.

This topic: IVOA > WebHome > IvoaApplications > SampInfo > WebSampHttps
Topic revision: r1 - 2019-11-22 - MarkTaylor
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback