SAMP and HTTPS workaround?

Burke, Douglas dburke at cfa.harvard.edu
Thu Aug 22 17:19:58 CEST 2019 

Mark,

I've been using your WebSAMP JS library [1] with our WWT interface to the
Chandra Source Catalog - http://cxc.harvard.edu/csc2/wwt.html - to send
URLs that return a votable or fits file when retrieved (ie the URL is
actually a query and not to a file [2]). We are moving to https "soon" so I
am interested in any possible solution (once the WWT client is moved over
to https, that is).

Ta,
Doug

[1] so thanks for that
[2] thanks to a confluence of influences that aren't relevant here


On Thu, Aug 22, 2019 at 9:05 AM Mark Taylor <M.B.Taylor at bristol.ac.uk>
wrote:

> Dear SAMP users,
>
> the problem of Web SAMP and HTTPS has been under discussion
> for a while now - basically the Web Profile works fine with HTTP
> but won't work from pages served using HTTPS.  A possible HTTPS-capable
> profile has been prototyped, but it's pretty nasty.  There is much
> more information on the topic here:
>
>    http://andromeda.star.bristol.ac.uk/websamp/
>
> As an alternative to the HTTPS profile, I'm thinking about more
> lightweight workarounds.  One is just to provide a simple helper
> application that takes a suitable filename on the command line
> (VOTable table or FITS image) and sends it to a running SAMP
> client.  Such an application could be associated in the
> browser with suitable MIME types (application/x-votable+xml,
> image/fits), or you could just choose it when the browser
> asks you what application you want to open a downloaded file with.
>
> This is much less flexible than allowing the web page (web application)
> to interact with the SAMP hub itself, which is what you can do
> with SAMP+Web Profile.  However, in practice, nearly(?) all Web SAMP
> pages that I'm aware of just use Web SAMP to allow the user to
> send a samp.load.votable or image.load.fits message, and that's
> done nearly as well by the helper application.  It works with
> rather than against normal browser operations, which makes it
> much less painful to implement than the HTTPS profile;
> it works equally with HTTPS or HTTP, and no additional
> infrastructure is required.  The main downside is that the user has
> to configure it somehow (install script, tell browser to use it
> to handle relevant files).
>
> I have written such a helper application, and I'd be interested
> to know if anyone wants to try it out: especially data providers
> who are using HTTPS and want to allow users to load tables/images
> using SAMP.  Would this be an acceptable solution?
>
> You can find the application here:
>
>    http://andromeda.star.bris.ac.uk/websamp/sampload.jar
>
> If you run, e.g. "java -jar sampload.jar /tmp/tmpfile.vot"
> then it will pop up a window asking which VOTable-capable
> SAMP client you want to send tmpfile.vot to.
> (It works out what kind of file it is by looking at the content).
>
> Unless your OS/browser can execute jar files directly, to use it with
> a browser you'll need to accompany it with a small shell script or
> equivalent like
>
>    #!/bin/sh
>    java -jar /path/to/sampload.jar "$@"
>
> Any feedback, comments, ideas welcome.
>
> Mark
>
> --
> Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
> m.b.taylor at bris.ac.uk +44-117-9288776  http://www.star.bris.ac.uk/~mbt/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ivoa.net/pipermail/apps-samp/attachments/20190822/1052a62c/attachment.html>

More information about the apps-samp mailing list