To replicate:
Open IGB
Click here while using Google Chrome. This should fail.
Click here while using Google Chrome. This should work.

Note that as of October 21, 2021 Safari and Firefox are able to load the Galaxy files from http. This seems odd, as we have run into issues previously with Safari rejecting any kind of mixed content. For example, BioViz Connect does not work with the Safari browser.

Using IGB release 9.1.8 on Mac 11.6

Https BioViz
Safari Version 15.0 (16612.1.29.41.4, 16612) FAILED
Edge Version 94.0.992.38 (Official build) (x86_64) WORKED
Chrome Version 94.0.4606.81 (Official Build) (x86_64) WORKED
Firefox 93.0 (64-bit) WORKED

Http BioViz
Safari Version 15.0 (16612.1.29.41.4, 16612) WORKED
Edge Version 94.0.992.38 (Official build) (x86_64) FAILED
Chrome Version 94.0.4606.81 (Official Build) (x86_64) FAILED
Firefox 93.0 (64-bit) WORKED

Question: Does this change to Chrome affect BioViz Connect functionality?
Answer: It does not.

After discussion with Philip we determined that the issue appears to stem from Chrome no longer allowing http web pages to access localhost, regardless of whether localhost is http or https.

The two console errors of note when attempting to view IGB data from Galaxy:

Access to XMLHttpRequest at 'http://127.0.0.1:7085/igbStatusCheck' from origin 'http://bioviz.org' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.

Access to XMLHttpRequest at 'http://localhost:7085/igbGalaxyDataView?version=hg38&loadresidues=false&feature_url_0=https://usegalaxy.org/display_application/bbd44e69cb8906b551e684f4bddeb632/igb_bed/View/ec9dcdee3848cb1f/data/Bed_HomoSapien_bed_gz.bed&sym_name_0=Bed_HomoSapien_bed_gz&sym_method_0=https://usegalaxy.org/display_application/bbd44e69cb8906b551e684f4bddeb632/igb_bed/View/ec9dcdee3848cb1f/data/Bed_HomoSapien_bed_gz.bed&query_url=https://usegalaxy.org/display_application/bbd44e69cb8906b551e684f4bddeb632/igb_bed/View/ec9dcdee3848cb1f/data/Bed_HomoSapien_bed_gz.bed&server_url=galaxy' from origin 'http://bioviz.org' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.

My takeaway from this is: The request client is not a secure context and the resource is in more-private address space `local`. I read this as Chrome will no longer allow a less secure client (http) to access a more secure space, with Chrome considering localhost to be more secure.

The chrome developer notes states: "Private Network Access (formerly known as CORS-RFC1918) restricts the ability of websites to send requests to servers on private networks. It allows such requests only from secure contexts. Private network requests are requests whose target server's IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (http://router.local), or a request from a private website to localhost. Starting in Chrome 94, public non-secure contexts (broadly, websites that are not delivered over HTTPS or from a private IP address) are forbidden from making requests to the private network."

So regardless of whether we make the endpoint in IGB https, Chrome (and Edge) will not allow http://bioviz.org/galaxy.html to access it. The solution then, would be to update the useGalaxy code to point to https://bioviz.org/galaxy.html. However, this will most likely cause Safari to break. To fix Safari, we will most likely need to implement https on IGB localhost.

What do you think of this suggestion:

• Implement logic that checks the browser and redirects to https if the user is running Chrome, but doesn't if the user is running Safari

Currently, BioViz.org is set to redirect traffic from http to https, except in the case of bioviz.org/galaxy.html (IGBF-2505). So anything that attempts to connect to http://bioviz.org is redirected to https, unless it is http://bioviz.org/galaxy.html.

The logic will be to check the browser and if the user is NOT using Safari, then to check if the current page is http or https. If it is http then we will redirect the users to https. Since Safari works with localhost through http and Chrome/Edge/Firefox work through https, this should fix the problem.

As a side note, the previous logic for determining if the web browser was Safari was broken, so I have fixed it.

Commit: https://bitbucket.org/nfreese/bioviz/commits/e7b234807525d0db287c46cb8d92b2072fd6f864

To test on test server:

1) Open IGB
2) Go to https://bioviztest.bioviz.org/ and make sure that it is running. (If it is not running, ask [~aloraine] to start it.)
3) Copy the URL here and paste it into the web browser you are currently testing.

*The web page should display "Welcome Galaxy User" and "Thank you for using IGB!".
*IGB should load the H_sapiens_Dec_2013 genome and the file Bed_HomoSapien_bed_gz should be loaded as a new track.

4) Turn off IGB.
5) Copy the URL here and paste it into the web browser you are currently testing.

*The page should display "Welcome Galaxy User" and "It looks like you are not yet running IGB. Not a problem!".

6) Test on all of the following web browsers:
Chrome
Edge
Firefox
Safari

Please submit PR. We'll merge it and deploy it onto "biovizmain" so that it can be tested quickly.

Pull request: https://bitbucket.org/lorainelab/bioviz/pull-requests/69/igbf-2987-redirect-non-safari-web-browsers

Merged.

To test:

1) Open IGB
2) Copy the URL here and paste it into the web browser you are currently testing.

*The web page should display "Welcome Galaxy User" and "Thank you for using IGB!".
*IGB should load the H_sapiens_Dec_2013 genome and the file Bed_HomoSapien_bed_gz should be loaded as a new track.

3) Turn off IGB.
4) Copy the URL here and paste it into the web browser you are currently testing.

*The page should display "Welcome Galaxy User" and "It looks like you are not yet running IGB. Not a problem!".

5) Test on all of the following web browsers:
Chrome
Edge
Firefox
Safari

Merged and deployed to main bioviz web site https://bioviz.org. Ready for testing.
Please test right away as this is depoyed to the main site (e.g., "in production").
attn: Nowlan Freese and Omkar Marne

Tested on Safari Version 15.0 (16612.1.29.41.4, 16612) on Mac 11.6 (20G165)
Data were loaded in IGB 9.1.8 with no errors showing in the log.

Tested on chrome 95.0.4638.54 , firefox 94.0 and edge 95.0.1020.30. Data was loaded on IGB 9.1.10 with no errors on all. Please check attached screenshots.

Quick request for Nowlan Freese: Can you provide a link to the source for the diagram you attached? (Or if you created it, do please indicate that.)

The diagram is from the Chrome developer blog linked to in the description.

Omkar Marne identified an issue in Firefox that caused the Galaxy data to be sent to IGB twice. I have created a fix and we have tested it on the bioviz test site.

Pull request: https://bitbucket.org/lorainelab/bioviz/pull-requests/70/igbf-2987-fix-issue-in-firefox-where

PR is merged and deployed to BioViz.org main. Ready for testing.

Firebox bug that caused the Galaxy data to be sent to IGB twice has been resolved. Tested on chrome 95.0.4638.54 , firefox 94.0 and edge 95.0.1020.30. Data was loaded on IGB 9.1.10. Please check attached screenshots.

Closing the ticket.