Difference: WebSampHttps (7 vs. 8)

Revision 82020-10-13 - MarkTaylor

 
META TOPICPARENT name="SampInfo"

Web SAMP and HTTPS

Changed:
<
<		The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host. There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ constitutes mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.
>
>

Problem

Added:
>
>		The SAMP Web Profile allows web applications to talk to other SAMP clients, communicating with the Hub using an XMLHttpRequest to a well-known port (21012) on the local host. There are problems with doing this if the web page hosting the web application is served from HTTPS rather than HTTP, since access to the hub URL http://localhost:21012/ counts (at least in some interpretations) as mixed active content, which is generally blocked by browsers. This issue has been known since 2014, but is becoming more pressing as more data providers use HTTPS for service delivery. See Presentation at Sydney Interop (2015) for more details.
 
Changed:
<
<		A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice.
>
>

Bad solution

Added:
>
>		A possible solution was proposed that defines a new Profile involving use of an external Relay service and abuse of mixed passive content to bootstrap communications, as described in Taylor presentation at Cape Town Interop (2016). This has been shown to work, e.g. it is currently deployed at ASI-SSDC based on a custom/prototype JSAMP hub, see Verrecchia presentation at Paris Interop (2019). This solution however is not elegant, efficient, robust or nice. There is some more discussion of this as well as alternative bad solutions in https://arxiv.org/abs/1912.00917 (presented by Taylor at ADASS 2019; this paper is now mostly obsolete).
 
Added:
>
>

Good solution?

 Following discussion at Groningen Interop (2019), some more progress was made that could get HTTPS-based web applications to use the Web Profile as it stands:
Changed:
<
<
  • Sonia Zorba prepared a browser extension samp-browser-extension that lets browsers do this
  • Felix Stoehr pointed out that this just works in some browsers anyway. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).
>
>
  • Felix Stoehr pointed out that in recent tests, this just works in some browsers anyway, i.e. the problem has just gone away. This was a surprise, that arises from changes to the various w3c security standards over the last few years (see analysis).
  • Sonia Zorba prepared a browser extension samp-browser-extension for browsers that still have problems with this
Deleted:
<
<		These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work. However it's not currently clear which browsers are in which category. A table below summarises reports to date: if you can add to this information by trying it out on your browser/OS platform, please do:
 
Changed:
<
<

Please help by trying this out using your browser/OS combination(s):

>
>		These two developments may provide a good-enough solution to this problem; some (hopefully increasingly many) browsers will work anyway, and for others users can be encouraged to install a browser extension that will make them work.
 
Changed:
<
<		To work out the status of HTTPS+SAMP on your browser/OS, follow these very easy instructions:
>
>

Current status

Added:
>
>		 We are assessing which browsers now support Web SAMP over HTTPS without making any special arrangements. Thanks to those who have tried out browser/OS combinations following the instructions below. The headline result seems to be:

  • Recent versions of Firefox and Chrome: SAMP over HTTPS works with no problems
  • Safari: SAMP over HTTPS doesn't work
  • Others: Vivaldi works

The OS doesn't seem to make a difference (Linux, MacOS, Windows 10 all tried).

This looks quite positive; services may decide on that basis that it's worth providing Web SAMP in HTTPS-based services on the basis that they will work for many/most users. Optionally, they could provide the browser extensions for others.

If you use a browser not in the above list, please consider following the instructions below to try it out and add your results into the table (or if you have trouble editing the wiki you can mail m.b.taylor@bristol.ac.uk and I'll add them).

You can try this out using your browser/OS combination(s):

To work out the status of HTTPS+SAMP on your browser/OS, follow these easy instructions:

 
  1. Start a SAMP Hub+client on your machine (e.g. run TOPCAT)
  2. Visit this HTTP page. Click the button.
    • A popup should appear asking you to allow SAMP registration from a web application (with an http://... Origin). Accept, and a table should be loaded in TOPCAT. (If this doesn't happen, your problems are not related to HTTPS)
  3. Visit this HTTPS page. Click the button.
    • Either as before, you are prompted to allow registration (for a web app with an https://... Origin) and a table is loaded in TOPCAT as before - this means SAMP+HTTPS does work on your browser
    • Or nothing happens - this means SAMP+HTTPS does not work on your browser.
  4. Record in the table below whether it did or didn't work ("yes" or "no" in the Works out of the box? column)
If you've done that but don't have easy write access to the wiki, you can mail your results to either m.b.taylor@bristol.ac.uk or apps-samp@ivoa.net.

(If you want to try some more interesting examples, including 2-way communications, others are available: HTTP / HTTPS. I'm expecting that if HTTPS works/fails for one SAMP example it will be the same for all, but if you find different, please report it).

-- MarkTaylor - 2019-10-05

HTTPS + SAMP Survey
Browser Version OS Works out of the box? Reporter
Chrome 77 Ubuntu yes Felix Stoehr
Chromium 78.0 Ubuntu yes Mark Taylor
Chromium 85.0 Ubuntu yes Mark Taylor
Firefox 70.0.1 OSX Mojave yes Felix Stoehr
Firefox 70.0 Ubuntu no Felix Stoehr
Firefox 59 RHEL6 no Mark Taylor
Firefox 70.0.1 Ubuntu no Mark Taylor
Firefox 81.0 Ubuntu yes Mark Taylor
Firefox Nightly 75.0 (64-bit) GUIX yes Hugo Buddelmeijer
Chrome 85.0 MacOS 10.13.6 yes Thomas Boch
Firefox 81.0 MacOS 10.13.6 yes Thomas Boch
Safari 13.1.2 MacOS 10.13.6 no Thomas Boch
Chrome 85.0 Fedora 31 yes Marco Molinaro
Firefox 80.0 Fedora 31 yes Marco Molinaro
Changed:
<
<
Chrome 85.0. MacOS 10.11.3 yes Susana Sánchez Expósito
Firefox 78.2 MacOS 10.11.3 yes Susana Sánchez Expósito
Safari 9.0.3 MacOS 10.11.3 No Susana Sánchez Expósito
Firefox 81.0 MacOS 10.14.6 Yes Susana Sánchez Expósito
Chrome 85.0 MacOS 10.14.6 Yes Susana Sánchez Expósito
Safari 13.1 MacOS 10.14.6 No Susana Sánchez Expósito
>
>
Chrome 85.0. MacOS 10.11.3 yes Susana Sánchez Expósito
Firefox 78.2 MacOS 10.11.3 yes Susana Sánchez Expósito
Safari 9.0.3 MacOS 10.11.3 No Susana Sánchez Expósito
Firefox 81.0 MacOS 10.14.6 Yes Susana Sánchez Expósito
Chrome 85.0 MacOS 10.14.6 Yes Susana Sánchez Expósito
Safari 13.1 MacOS 10.14.6 No Susana Sánchez Expósito
 
Firefox 81.0(64 bits) Ubuntu 20.04.1 LTS yes Regis Haigron
Firefox 80 Windows 10 yes Regis Haigron
Firefox 81.0(64 bits) Ubuntu 18.04.1 LTS yes Pierre Le Sidaner
Chrome 86.0.4240.75 Ubuntu 18.04.1 LTS Yes Pierre Le Sidaner
Vivaldi 3.3.2022.47 Ubuntu 18.04.1 LTS Yes Pierre Le Sidaner
Added:
>
>
Chrome 84.0.4147.125 MacOS 10.12.5 Yes Juan Carlos Segovia
Safari 10.1.1 MacOS 10.12.5 No Juan Carlos Segovia
Firefox 75.0 MacOS 10.12.5 Yes Juan Carlos Segovia
  For more discussion on this topic, see the apps-samp mailing list.
View topic | History: r25 < r24 < r23 < r22 | More topic actions...
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback