HTTPS and SAMP
Mark Taylor
m.b.taylor at bristol.ac.uk
Tue Jul 16 09:34:15 PDT 2013
On Mon, 17 Sep 2012, Tom McGlynn wrote:
> We're looking at moving a WebSAMP-enabled application from an HTTP URL
> (http://heasarc.gsfc.nasa.gov/xamin) to an HTTPS URL. (There can be a user
> login associated with xamin, so password security is an issue.) However it
> looks like when we do this, we are no longer able to talk to the SAMP hub (or
> at least the one started by TOPCAT). I'm guessing this is a problem with
> whatever scheme SAMP is using to get around the cross-site scripting limits in
> JavaScript - it's able to handle multiple ports, but not a different scheme.
> We're using a slightly modified version of Mark's JavaScript SAMP library.
>
> Does anyone have any experience with this to confirm this or suggest how we
> might address it? Or should this work fine and I need to look elsewhere for
> the problem? Before I went digging into this I wanted to check if this was
> already a known issue.
Tom and anybody else,

having received a similar query from somebody else and this time
worked out how to test it out for myself, I think I may have an
answer for this.

It looks like the problem is an oversight in the JSAMP Web Profile
CORS implementation - it only allows http, not https as the scheme
for Origins applying to register. If you're still in a position to
test it, try it out running the hub here:

ftp://andromeda.star.bris.ac.uk/pub/star/jsamp/pre/jsamp-1.3-3+.jar

If that's it, I'll make a fixed release, though it will take some
time to filter out to people's desktops.

I'm not sure why I restricted Origin to http:* in the existing
implementation. If anybody can offer any guesses other than
just me making a mistake (in particular any security or other reason
why I shouldn't extend it to https:* as well), please say.

Any other comments from people who have or haven't had success
with HTTPS and web samp welcome too.

Mark
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-9288776 http://www.star.bris.ac.uk/~mbt/
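
The restriction described in the message above, sketched as an added example (not JSAMP's code and not part of the original post): a hub-side check on the CORS Origin header that accepts both http and https origins and rejects anything that is not a plain scheme://host[:port] value. The class and method names are hypothetical, and the sample header values are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/** Added illustration; hypothetical names, not JSAMP source. */
public class OriginCheck {

    // Schemes a web page may be served from when it applies to register.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https");

    /**
     * Returns true if the Origin header value is a well-formed serialized
     * origin (scheme://host[:port] and nothing else) with an allowed scheme.
     */
    static boolean isAcceptableOrigin(String origin) {
        if (origin == null || origin.isEmpty() || origin.equals("null")) {
            return false; // header absent, or an opaque origin
        }
        final URI uri;
        try {
            uri = new URI(origin); // also rejects space-separated lists
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
            return false;
        }
        // A serialized origin has a host and no user info, path, query or fragment.
        String path = uri.getRawPath();
        return uri.getHost() != null
            && uri.getRawUserInfo() == null
            && (path == null || path.isEmpty())
            && uri.getRawQuery() == null
            && uri.getRawFragment() == null;
    }

    public static void main(String[] args) {
        // Constructed sample Origin header values.
        String[] samples = {
            "http://heasarc.gsfc.nasa.gov",   // accepted
            "https://heasarc.gsfc.nasa.gov",  // accepted once https is allowed
            "https://example.org:8443",       // accepted, explicit port
            "ftp://example.org",              // rejected, scheme not allowed
            "https://example.org/xamin",      // rejected, carries a path
            "null"                            // rejected, opaque origin
        };
        for (String s : samples) {
            System.out.println(s + " -> " + isAcceptableOrigin(s));
        }
    }
}
```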