HTTPS and SAMP
Mark Taylor
m.b.taylor at bristol.ac.uk
Thu Nov 22 14:47:04 PST 2012
Tom,
any progress on this? I certainly haven't tried it and I wouldn't
put money on it, but my expectation is that it ought to work.
Although cross-protocol comms quite likely are restricted in the
same way as cross-site ones, I would have thought that CORS,
since it allows the latter, would work with the former as well.
Running the JSAMP hub with HTTP-level logging
(java -jar jsamp.jar hub -profiles std,web -web:log http) might be
some help, though if the browser is blocking the request at source
it wouldn't.
Mark
On Mon, 17 Sep 2012, Tom McGlynn wrote:
> We're looking at moving a WebSAMP-enabled application from an HTTP URL
> (http://heasarc.gsfc.nasa.gov/xamin) to an HTTPS URL. (There can be a user
> login associated with xamin, so password security is an issue.) However it
> looks like when we do this, we are no longer able to talk to the SAMP hub (or
> at least the one started by TOPCAT). I'm guessing this is a problem with
> whatever scheme SAMP is using to get around the cross-site scripting limits in
> JavaScript - it's able to handle multiple ports, but not a different scheme.
> We're using a slightly modified version of Mark's JavaScript SAMP library.
>
> Does anyone have any experience with this to confirm this or suggest how we
> might address it? Or should this work fine and I need to look elsewhere for
> the problem? Before I went digging into this I wanted to check if this was
> already a known issue.
>
> Thanks,
> Tom McGlynn
>
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-9288776 http://www.star.bris.ac.uk/~mbt/
More information about the apps-samp
mailing list