| |
| META TOPICPARENT |
name="SampInfo" |
Web SAMP and HTTPS
The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host. There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ constitutes mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.
A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice.
Following discussion at Groningen Interop (2019), some more progress was made that could get HTTPS-based web applications to use the Web Profile as it stands:
- Sonia Zorba prepared a browser extension samp-browser-extension that lets browsers do this
- Felix Stoehr pointed out that this just works in some browsers anyway. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).
These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work. However it's not currently clear which browsers are in which category. A table below summarises reports to date: if you can add to this information by trying it out on your browser/OS platform, please do:
Please help by trying this out using your browser/OS combination(s):
To work out the status of HTTPS+SAMP on your browser/OS, follow these very easy instructions:
- Start a SAMP Hub+client on your machine (e.g. run TOPCAT)
- Visit this HTTP page. Click the button.
- A popup should appear asking you to allow SAMP registration from a web application (with an
http://... Origin). Accept, and a table should be loaded in TOPCAT. (If this doesn't happen, your problems are not related to HTTPS)
- Visit this HTTPS page. Click the button.
- Either as before, you are prompted to allow registration (for a web app with an
https://... Origin) and a table is loaded in TOPCAT as before - this means SAMP+HTTPS does work on your browser
- Or nothing happens - this means SAMP+HTTPS does not work on your browser.
- Record in the table below whether it did or didn't work ("yes" or "no" in the Works out of the box? column)
If you've done that but don't have easy write access to the wiki, you can mail your results to either m.b.taylor@bristol.ac.uk or apps-samp@ivoa.net.
(If you want to try some more interesting examples, including 2-way communications, others are available: HTTP / HTTPS. I'm expecting that if HTTPS works/fails for one SAMP example it will be the same for all, but if you find different, please report it).
-- MarkTaylor - 2019-10-05
| HTTPS + SAMP Survey |
| Browser |
Version |
OS |
Works out of the box? |
Reporter |
| Chrome |
77 |
Ubuntu |
yes |
Felix Stoehr |
| Chromium |
78.0 |
Ubuntu |
yes |
Mark Taylor |
| Chromium |
85.0 |
Ubuntu |
yes |
Mark Taylor |
| Firefox |
70.0.1 |
OSX Mojave |
yes |
Felix Stoehr |
| Firefox |
70.0 |
Ubuntu |
no |
Felix Stoehr |
| Firefox |
59 |
RHEL6 |
no |
Mark Taylor |
| Firefox |
70.0.1 |
Ubuntu |
no |
Mark Taylor |
| Firefox |
81.0 |
Ubuntu |
yes |
Mark Taylor |
| Firefox Nightly |
75.0 (64-bit) |
GUIX |
yes |
Hugo Buddelmeijer |
| Chrome |
85.0 |
MacOS 10.13.6 |
yes |
Thomas Boch |
| Firefox |
81.0 |
MacOS 10.13.6 |
yes |
Thomas Boch |
| Safari |
13.1.2 |
MacOS 10.13.6 |
no |
Thomas Boch |
| Chrome |
85.0 |
Fedora 31 |
yes |
Marco Molinaro |
| Firefox |
80.0 |
Fedora 31 |
yes |
Marco Molinaro |
|
