tetherless-world / s2s

Tetherless World S2S Faceted/Hierarchical Browser
GNU General Public License v2.0

support https within s2s #1

Open mrpatrickwest opened 10 years ago

mrpatrickwest commented 10 years ago

In the DCO-DS project we are wanting to use s2s embedded in Drupal. We've switched to https for deepcarbon.net, but that breaks the use of s2s because it's loading all the .js using http, which isn't allowed.

Need to support both http and https. Not sure if you can use relative protocol? Instead of http://escience use //escience.rpi. I know that works when specifying a script, but not sure about loading the .js.

zednis commented 9 years ago

I would like to start working on this. @mrpatrickwest are there any error messages available that we can use to start identifying which usages of http:// to convert first? This is a pretty broad issue and we have many many instances of http:// spread throughout the code and RDF and I don't know which ones are ok (if any) and which are problematic.

mrpatrickwest commented 9 years ago

If you enable developer tools in Chrome and go to the Console, go to this page: https://data.deepcarbon.net/browsers/datasets.html, you'll see the errors, like the ones listed at the bottom of this comment.

Part of the problem is that when we tried to copy the JavaScript and other files to the deepcarbon machine we were missing some. A configuration option. A missing file. Something. After hours of looking, we couldn't find what we were missing. Some of the content was still going to http from https. I simply changed the rewrite rules for https to not rewrite for the browser pages.

Another part of the problem is that there are hard-coded URLs and other values in S2S that make it difficult to eliminate this problem.

In a lot of cases I was able to change the links from http:// to just //, and JavaScript knows how to deal with that.

So I know there are a number of things that we can do to resolve this issue.

  1. When installing S2S on the server, make sure it includes all the JavaScript files as well so we're not doing cross site scripting, relying on a remote server for s2s to run. Images, icons, js files, css files, etc...
  2. Make sure that there are no hard-coded values in the S2S for URLs.

Just some thoughts. And here are some examples of the errors:

XMLHttpRequest cannot load http://data.deepcarbon.net:8081/s2s/proxy. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://data.deepcarbon.net' is therefore not allowed access. datasets.html:1

The page at 'https://data.deepcarbon.net/browsers/datasets.html' was loaded over HTTPS, but displayed insecure content from 'http://data.deepcarbon.net:8081/s2s/metadata?type=widgets&input=http%3A//da…//escience.rpi.edu/ontology/sesf/s2s-core/4/0/LabelIdContextCountJsonArray': this content should also be loaded over HTTPS.

[blocked] The page at 'https://data.deepcarbon.net/browsers/datasets.html' was loaded over HTTPS, but ran insecure content from 'http://escience.rpi.edu/s2s/4.0/scripts/widgets/ResultsListWidget.js': this content should also be loaded over HTTPS.
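
The behaviour behind the console errors above, as an added example that is not part of the original thread or the S2S code base: it resolves each reference against the page URL the way a browser does and reports mixed content and origin mismatches. The function names, the `ACTIVE_KINDS` set and the simplified active/passive model are assumptions made for illustration; the URLs are the ones quoted in the errors.

```javascript
// Assumption: current browsers block "active" mixed content of these kinds;
// passive kinds (images, media) are handled more leniently and are not modelled here.
const ACTIVE_KINDS = new Set(["script", "xhr", "stylesheet", "iframe"]);

// Hypothetical helper: how a reference behaves when loaded from pageUrl.
function auditResource(pageUrl, resourceRef, kind) {
  const page = new URL(pageUrl);
  // Relative and protocol-relative ("//host/path") references inherit the page's scheme.
  const res = new URL(resourceRef, page);
  const mixed = page.protocol === "https:" && res.protocol === "http:";
  return {
    resolved: res.href,
    mixed,
    blocked: mixed && ACTIVE_KINDS.has(kind),
    // An origin is scheme + host + port, so a different port still needs CORS for XHR.
    crossOrigin: res.origin !== page.origin,
  };
}

// Hypothetical helper: turn a hard-coded absolute http:// URL into the "//" form.
function toProtocolRelative(ref) {
  return ref.replace(/^http:\/\//i, "//");
}

// Constructed sample built from the URLs in the errors quoted in this thread.
const PAGE = "https://data.deepcarbon.net/browsers/datasets.html";
const SCRIPT = "http://escience.rpi.edu/s2s/4.0/scripts/widgets/ResultsListWidget.js";
const PROXY = "http://data.deepcarbon.net:8081/s2s/proxy";
const SAMPLES = [
  [SCRIPT, "script"],                    // hard-coded http script on an https page
  [toProtocolRelative(SCRIPT), "script"], // same script, protocol-relative
  [PROXY, "xhr"],                        // hard-coded http servlet URL
  [toProtocolRelative(PROXY), "xhr"],     // scheme fixed, port 8081 still differs
];

function runAudit(pageUrl = PAGE) {
  return SAMPLES.map(([ref, kind]) => ({ ref, kind, ...auditResource(pageUrl, ref, kind) }));
}

for (const r of runAudit()) {
  console.log(`${r.kind.padEnd(6)} mixed=${r.mixed} blocked=${r.blocked} ` +
              `crossOrigin=${r.crossOrigin} ${r.resolved}`);
}
```

The last row shows that a protocol-relative servlet URL removes the mixed-content problem but stays cross-origin because of the port, so the XHR still depends on CORS headers, and the `//` form only helps when the remote host actually serves the file over HTTPS.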

zednis commented 9 years ago

Right now I am working on this for the DCO faceted browser. The solution at present appears to be to use HTTPS links in the S2S config RDF and for both the open search URLs and the S2S servlet URL referenced in the deployment's s2s-config.js.

There are still some odd behaviors with getting the S2S servlet to successfully read in the search service descriptions and respond over HTTPS.

zednis commented 9 years ago

See https://jira.tw.rpi.edu/browse/DCO-20 for details on the DCO S2S browsers under HTTPS.