Uploaded image for project: 'IGB'
  1. IGB
  2. IGBF-2490

Investigate: Fix implementation of requests to IGB endpoints to support safari etc.

        Details

        • Type: Bug
        • Status: Closed (View Workflow)
        • Priority: Major
        • Resolution: Done
        • Affects Version/s: None
        • Fix Version/s: None
        • Labels:
        • Story Points:
          5
        • Epic Link:
        • Sprint:
          Summer 4: 14 Jul - 28 Jul, Summer 5: 3 Aug - 14 Aug, Summer 6: 17 Aug - 28 Aug

          Description

          Making requests to the IGB API is done over http and some browsers see a security issue with doing so under an overarching secured connection and classify this as Mixed Content. Safari, for instance, blocks these sorts of requests.

          Instead of making requests in this way, the window location can be changed using javascript, which initializes a new connection, circumventing the error. See my comment here for more details.

          Task: Update the requests in app store to use the method described above, in order to allow all browsers to interact with IGB.

          Update: Allow browsers that do not support http connections to localhost on a secure parent connection to connect to IGB over https.

            Attachments

              Issue Links

              relates to

              Bug - A problem which impairs or prevents the functions of the product. IGBF-2987 Fix Galaxy IGB CORS issue

              • Blocker - Blocks development and/or testing work, production could not run.
              • Closed

              Task - A task that needs to be done. IGBF-2505 Turn off redirection to https for galaxy bridge in bioviz-playbooks

              • Major - Major loss of function.
              • Closed

              Task - A task that needs to be done. IGBF-2420 Determine why Safari is not letting the igb status check occur when choosing View in IGB on Safari

              • Blocker - Blocks development and/or testing work, production could not run.
              • Closed

              Task - A task that needs to be done. IGBF-2485 Investigate IGB localhost endpoint HTTPS

              • Blocker - Blocks development and/or testing work, production could not run.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                15 older comments
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                Thanks!

                Further clarification request:

                • Third box: "is evaluated" - who and what is doing the evaluating?

                There are two software programs here - IGB itself and the browser. And a user!

                Could you maybe modify the flow diagram to use active voice for what the software programs are doing?

                Or it could be faster (and less work for you!) to have a short zoom session where you walks us through it. We could include other(s) who might work on it, as well.

                Show
                ann.loraine Ann Loraine added a comment - Thanks! Further clarification request: Third box: "is evaluated" - who and what is doing the evaluating? There are two software programs here - IGB itself and the browser. And a user! Could you maybe modify the flow diagram to use active voice for what the software programs are doing? Or it could be faster (and less work for you!) to have a short zoom session where you walks us through it. We could include other(s) who might work on it, as well.
                Hide
                Permalink
                pbadzuh Philip Badzuh (Inactive) added a comment - - edited

                Requests must be browser-specific due to variable browser security constraints, so it is the browser that must implement the logic to determine over what scheme they are to be made - HTTP or HTTPS. The cookie I have proposed would be set and referenced by the browser.

                I have updated the diagram and would be glad to meet over zoom whenever convenient for everyone who is interested, if there are any further questions. Just let me know.

                Show
                pbadzuh Philip Badzuh (Inactive) added a comment - - edited Requests must be browser-specific due to variable browser security constraints, so it is the browser that must implement the logic to determine over what scheme they are to be made - HTTP or HTTPS. The cookie I have proposed would be set and referenced by the browser. I have updated the diagram and would be glad to meet over zoom whenever convenient for everyone who is interested, if there are any further questions. Just let me know.
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                I'm confused about the second-from-the-top green tile. I don't understand how "referrer" can ever be IGB trusted endpoint. I thought "referrer" mean: the page containing a link you click. When you click a link in a page, then that page becomes the "referrer" for the new request you make upon clicking the link.

                Maybe it would be clearer if you split the green tile into two? Seems like there are two decision points here. First is: "Is this browser Safari"? If yes, you go on to the next decision point. (This next decision point is the one I don't understand.)

                Show
                ann.loraine Ann Loraine added a comment - I'm confused about the second-from-the-top green tile. I don't understand how "referrer" can ever be IGB trusted endpoint. I thought "referrer" mean: the page containing a link you click. When you click a link in a page, then that page becomes the "referrer" for the new request you make upon clicking the link. Maybe it would be clearer if you split the green tile into two? Seems like there are two decision points here. First is: "Is this browser Safari"? If yes, you go on to the next decision point. (This next decision point is the one I don't understand.)
                Hide
                Permalink
                pbadzuh Philip Badzuh (Inactive) added a comment - - edited

                Sorry, you are right - using the referrer header alone would not work. I have updated the diagram logic and have tried make it account for every condition that I could think of. Please review and let me know what you think.

                Show
                pbadzuh Philip Badzuh (Inactive) added a comment - - edited Sorry, you are right - using the referrer header alone would not work. I have updated the diagram logic and have tried make it account for every condition that I could think of. Please review and let me know what you think.
                Hide
                Permalink
                ann.loraine Ann Loraine added a comment -

                Design is sufficiently investigated. Moving to Done.

                Show
                ann.loraine Ann Loraine added a comment - Design is sufficiently investigated. Moving to Done.

                  People

                  • Assignee:
                    pbadzuh Philip Badzuh (Inactive)
                    Reporter:
                    pbadzuh Philip Badzuh (Inactive)
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: