search

tangrams / tangram-play

Text editor web app for Tangram scenes
https://tangram.city/play/
MIT License
96 stars 27 forks source link

Unable to load tiles over HTTP #533

Closed pnorman closed 2 years ago

pnorman commented 8 years ago

I wanted to use Tangram Play with locally produced tiles. When I added http://192.168.1.1:6789/osm-clear.tm2source/tile/{z}/{x}/{y}.pbf as a source and tried to style it, I got this error

Mixed Content: The page at 'https://mapzen.com/tangram/play/#14.8186/49.2463/-123.2449' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://192.168.1.1:6789/osm-clear.tm2source/tile/14/2582/5607.pbf'. This request has been blocked; the content must be served over HTTPS.
pnorman commented 8 years ago

I suppose technically this might be a deployment bug, not a bug in tangram-play itself because it would probably work with a tangram-play instance hosted on HTTP.

louh commented 8 years ago

Yes, if Tangram Play was served over http, then it would be able to read your tile source. We had relaxed the server rules at one point to allow Tangram Play users who needed custom tiles to read from http sources by going to http://mapzen.com/tangram/play/ instead of using https, but a recent change in deployment process seems to have reverted this. I'll check in with our engineering team to see if we can put it back.

Have you tried using a protocol-relative url, e.g. //192.168.1.1:6789/osm-clear.tm2source/tile/{z}/{x}/{y}.pbf? This sometimes works.

You could also set up a self-signed certificate for your own environment so you could serve tiles via https.

Hope that helps. We run into this problem on our team too because of all the development work we do, but until you reported this, it seemed like it was our own problem and not something outside users would run into :)

pnorman commented 8 years ago

I'll check in with our engineering team to see if we can put it back.

One option if mapzen.com can't go to HTTP for these pages is to host it on GitHub pages. I've seen CI bots auto-build master and push it to gh-pages. I think GH pages can still do HTTP on github.io, and only supports HTTP for custom domains. If HSTS is enabled on mapzen.com this might be the best option.

Have you tried using a protocol-relative url, e.g. //192.168.1.1:6789/osm-clear.tm2source/tile/{z}/{x}/{y}.pbf? This sometimes works.

That would request the tiles over HTTPS which I'm not serving them on, so doesn't seem to be an option.

You could also set up a self-signed certificate for your own environment so you could serve tiles via https.

In development I'm serving tiles with Kosmtik which uses a lightweight nodejs server to serve tiles, similar to tangram-play's npm start. If it is possible, serving it up on HTTPS would be difficult.

Hope that helps. We run into this problem on our team too because of all the development work we do, but until you reported this, it seemed like it was our own problem and not something outside users would run into :)

I think anyone developing vector tiles to use with Tangram would hit this. There's not too many people doing this yet but I'm hoping it will pick up, as it's essential to build a community around the infrastructure for what I want to do.

I also probably won't be adding HTTPS support right away for my tiles if I set them up on a public server.

louh commented 8 years ago

We did used to serve Tangram Play on GitHub pages! We moved it to mapzen.com so that we could build in some other features like user sign-in and (soon) saving scenes to user accounts.

GitHub's recent pages publishing improvement makes it easier to deploy a GitHub Pages version straight from master as opposed to maintaining a separate gh-pages branch, but I'd rather explore our options in supporting HTTP tiles transparently. Ideally we can quietly proxy tiles hosted on HTTP.

Have you tried running Tangram Play locally?

louh commented 8 years ago

OK, I've just chatted with our web engineer and HTTP is turned back on for http://mapzen.com/tangram/play/. If it still forwards to HTTPS, you may need to clear your cache because the browser is remembering a permanent redirect.

On HTTP, mapzen.com services like auth will be disabled.

bcamper commented 8 years ago

@pnorman also, it is definitely a pain, but some local servers like https://github.com/indexzero/http-server can serve under SSL if you generate a self-signed certificate (I've used this with Play hosted on https).

pnorman commented 8 years ago

Have you tried running Tangram Play locally?

Yes, and it works. Long-term if I publish what I'm doing I'd probably build tangram-play for different reasons: changing the examples to use my example styles and tiles.