LaurensRietveld
commented
7 years ago Sounds good, except the auto redirect: https endpoints aren't queryable (without a proxy) from http
Closed wouterbeek closed 6 years ago
LaurensRietveld
commented
7 years ago Sounds good, except the auto redirect: https endpoints aren't queryable (without a proxy) from http
wouterbeek
commented
7 years ago @LaurensRietveld I do not fully understand what you mean. HTTPS SPARQL endpoints can be queried from an HTTP deployment of YASGUI. Specifically, https://dbpedia.org/sparql can be queried with http://yasgui.org
LaurensRietveld
commented
7 years ago It uses the yasgui sparql proxy though. That's something that introduces latency, so I'd like to avoid using the proxy if that's possible
wouterbeek
commented
7 years ago @LaurensRietveld I still need a bit more help to understand this... If I go to http://yasgui.org and I send a query to endpoint https://dbpedia.org/sparql, which SPARQL proxy is used for that?
LaurensRietveld
commented
7 years ago This one: https://github.com/OpenTriply/YASGUI.server It's used when yasgui can't access an url from the client (e.g. When it's not CORS enabled, or when it's an http - > https request). To verify check where the request goes in your browser toolbar when executing the query
wouterbeek
commented
7 years ago Thanks for clarifying! Please check whether my understanding is correct now (just to be sure): if YASGUI moves to HTTPS fully, the following two situations arise:
(2) is fine, but (1) is not possible out-of-the-box, because HTTP SPARQL endpoints are not allowed to be queried from within the HTTPS YASGUI deployment. What is possible is to let a proxy translate between the HTTPS YASGUI deployment and the HTTP SPARQL endpoint.
wouterbeek
commented
7 years ago BTW I tried (1) above and this is what the Chrome developer console tells me:
Mixed Content: The page at 'https://yasgui.org/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://dbpedia.org/sparql?query=ASK%20%7B%3Fx%20%3Fy%20%3Fz%7D'. This request has been blocked; the content must be served over HTTPS.
So currently this proxy that you refer to does not yet work for upgrading HTTP->HTTPS requests?
LaurensRietveld
commented
7 years ago Ha! I expected that to work. Definitely a bug though. But anyway, a good reason the keep the http version for now 😉
wouterbeek
commented
7 years ago I agree, if HTTP endpoints cannot be queried from within an HTTPS YASGUI, then an HTTP YASGUI deployment should remain in place (and should also be the default) for quite some time.
However, it is nice that people who know that they will only query HTTPS SPARQL endpoints can also use https://yasgui.org (but this should not be the default).
LaurensRietveld
commented
6 years ago The bug where https endpoints can't be accessed via http is resolved now as well. closing
Currently most links point to http://yasgui.org, but https://yasgui.org also exists.
Updating those links in documentation etc. is easy and something I can do. In addition, the HTTP version should redirect to the HTTPS version.