Open-EO / openeo-wcps-driver

A prototype implementation for WC(P)S backends
Apache License 2.0
4 stars 0 forks source link

Support for HTTPS #5

Closed m-mohr closed 5 years ago

m-mohr commented 5 years ago

The API requires HTTPS (instead of HTTP) for the API as authentication credentials with HTTP Basic, OAuth2 and OpenID Connect are transmitted without encryption to the server so they can "easily" be sniffed by a third-person. Therefore the WCPS driver should support HTTPS and the deployed instance should activate it by default.

Another issue is, that the Web Editor, which is deployed with HTTPS can't connect to HTTP back-ends due to browsers forbidding "mixed content" (i.e. forbidding insecure HTTP connections being established by secure/HTTPS web pages). Providing the Web Editor with HTTP would promote insecure workflows and therefore is not desirable.

aljacob commented 5 years ago

@m-mohr we are looking into it! @arcostarusty could please help with the setup?

arcostarusty commented 5 years ago

@aljacob Ok, I'll setup the HTTPS authentication for the application server that runs the WCPS driver

aljacob commented 5 years ago

https is now available