HTTPS support

I've seen an "HTTP Warning" message in Biodalliance

Brief version: your web browser doesn't allow web applications loaded over HTTPS to access resources over HTTP.

Longer version: a number of major browser vendors have decided to impose strong restrictions on "mixed content": situations where a web page or application loads some resources over HTTPS and some over HTTP. There are some good reasons for this, for instance simplifying the semantics of the HTTPS "lock" icons which browsers display. The long-term intention is clearly to encourage wider (and eventually universal) adoption of HTTPS. However, there are some troublesome edge cases, in particular for web-based data integration tools like Biodalliance. Since Biodalliance 0.13.4, we make a best-effort attempt to detect problems caused by mixed-content restrictions and show the "HTTP Warning" error.

If you've seen the "HTTP Warning" error, you have three options:

  1. Try to access the same data over HTTPS instead of HTTP. Some web servers support both protocols, so it's worth trying just changing "http:" to "https:" in a URL. If not, you could ask the data provider whether they would consider supporting HTTPS.
  2. Tell your browser to allow mixed content. There is probably a button in the URL bar to enable this, although it may be quite subtle (e.g. the "shield" icon in recent versions of Chrome).
  3. Access Biodalliance itself over HTTP rather than HTTPS. We'd prefer that you didn't do this, but recognize that right now this option might be the least hassle...

HTTPS support status

Biodalliance supports HTTPS, both for fetching data and for hosting the Biodalliance application itself. All public data and code served from www.biodalliance.org is available over both HTTP and HTTPS. We would encourage you to use HTTPS wherever possible.

That said, there can be some issues when HTTP and HTTPS meet. Some major browsers now default to preventing pages loaded over HTTPS from accessing any HTTP resources, and this will lead to errors if an HTTPS-based Biodalliance instance tries to fetch some data over plain HTTP.

Protocol-relative URLs

Biodalliance has full support for protocol-relative URLs, i.e. URLs like:

     //www.biodalliance.org/datasets/ensgene.bb

These have a "hostname" part but no protocol part. They imply that the server is offering the same resources via both HTTP and HTTPS, and HTTPS will be used when accessing the resource from an HTTPS page.
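
The following added example (not part of Biodalliance; the function names and the example.org URLs are assumptions made for illustration) shows how a protocol-relative URL resolves against the page that loads it, and how a list of data-source URLs can be checked for the mixed-content case before deploying a browser instance over HTTPS:

```javascript
// Added example, not Biodalliance code. Function names are hypothetical.
// Sample URLs are constructed, apart from the ensgene.bb URL quoted above.

// Resolve a data-source URI as a browser would for a page at pageUrl and
// report whether fetching it counts as mixed content (HTTPS page, HTTP data).
function classifySource(pageUrl, sourceUri) {
  const page = new URL(pageUrl);
  // new URL(input, base) applies the WHATWG URL resolution rules, so a
  // protocol-relative "//host/path" inherits the scheme of the page.
  const resolved = new URL(sourceUri, page);
  const explicitHttp = /^http:/i.test(sourceUri.trim());
  const mixed = page.protocol === 'https:' && resolved.protocol === 'http:';

  let advice = 'ok';
  if (mixed) {
    // Option 1 from the list above: same host and path, "https:" scheme.
    const upgraded = new URL(resolved.href);
    upgraded.protocol = 'https:';
    advice = 'mixed content on an HTTPS page; try ' + upgraded.href;
  } else if (explicitHttp) {
    advice = 'hard-coded http: becomes mixed content if the page moves to HTTPS';
  }
  return { uri: sourceUri, resolved: resolved.href, mixed, advice };
}

// Classify every source and keep only the ones that need attention.
function auditSources(pageUrl, sourceUris) {
  return sourceUris
    .map((uri) => classifySource(pageUrl, uri))
    .filter((r) => r.advice !== 'ok');
}

const sampleSources = [
  '//www.biodalliance.org/datasets/ensgene.bb',
  'http://data.example.org/tracks/genes.bb',
  'https://data.example.org/tracks/variants.bb',
];

for (const page of ['https://example.org/browser/', 'http://example.org/browser/']) {
  console.log(page);
  for (const r of auditSources(page, sampleSources)) {
    console.log('  ' + r.uri + ' -> ' + r.advice);
  }
}
```

The upgraded URL is only a candidate: it works only if the data provider actually serves the same resource over HTTPS.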

For data providers

Please, please, offer your data over HTTPS if at all possible. Browser developers and others are increasingly pushing HTTPS and it seems likely that unencrypted HTTP may eventually be deprecated. Setting up HTTPS in web servers is now relatively easy, and there are some options for obtaining SSL certificates for free.