Support for HTTPS in SPARQL endpoint

65 views
Skip to first unread message

Eric Weitz

unread,
Jun 24, 2021, 8:07:32 AM6/24/21
to wikipathways-discuss
Hi WikiPathways,

Could you support HTTPS in the SPARQL endpoint (http://sparql.wikipathways.org)?  Among other benefits, this would enable SPARQL queries directly from JavaScript in a web browser.

It seems CORS is enabled, which is great and necessary.   However, many browsers prohibit "mixed content" -- i.e. loading HTTP resources from an HTTPS domain -- because it is insecure.  My use case for querying the SPARQL endpoint directly from the browser involves an ideogram web component for gene search recommendations.  More use cases are certainly feasible.  

Steps to reproduce a minimal use case:

2.  Open your web browser's Developer Tools (DevTools) 
3.  Go to Console panel in DevTools
4.  Execute this sample code:


5.  Note error message: 


7.  Go to an HTTP domain, e.g. http://example.com
8.  Execute steps 2 - 4
9.  Note no error

The expected behavior is to see no error in step 5.

Thanks for considering this enhancement to widen the audience for WikiPathways!

Best regards,
Eric


Eric Weitz

unread,
Jun 25, 2021, 6:10:07 AM6/25/21
to wikipathways-discuss
To clarify, those steps describe why lacking HTTPS is a problem.  The expected solution would allow using HTTPS in the SPARQL query, e.g.:


(Note use of "https://" rather than "http://" above.)

Currently, when that JavaScript is run via web browser DevTools Console, it returns an error, net::ERR_CERT_COMMON_NAME_INVALID.

In addition to enabling queries directly from JavaScript in a web browser -- and the useful applications that makes possible -- supporting HTTPS in the SPARQL endpoint would also let users browse the SNORQL UI at https://sparql.wikipathways.org without needing to bypass loud security warnings.

How feasible would it be to support HTTPS in the SPARQL endpoint?

Thanks,
Eric

Egon Willighagen

unread,
Jun 25, 2021, 6:13:31 AM6/25/21
to wikipathways-discuss
Hi Eric,

I up the urgency of this with our team.

Egon

--
You received this message because you are subscribed to the Google Groups "wikipathways-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wikipathways-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wikipathways-discuss/6dd1894b-a97b-4c82-996d-0681946e1849n%40googlegroups.com.


--
This year I am stepping down as co-Editor-in-Chief of the Journal of Cheminformatics, because of a conflict of interest with Springer Nature. See https://twitter.com/egonwillighagen/status/1403299501947899907 

-----
E.L. Willighagen
Department of Bioinformatics - BiGCaT
Maastricht University (http://www.bigcat.unimaas.nl/)

Eric Weitz

unread,
Jun 25, 2021, 6:18:21 AM6/25/21
to wikipathways-discuss
I truly appreciate that, Egon!

Eric Weitz

unread,
Jul 1, 2021, 8:06:35 AM7/1/21
to wikipathways-discuss
I just noticed https://sparql.wikipathways.org and my example HTTPS SPARQL query now work!  Thanks for the quick enhancement, Egon and team.

Egon Willighagen

unread,
Jul 1, 2021, 8:19:38 AM7/1/21
to wikipathways-discuss

yeah, sorry, this was done earlier this week, but I was too preoccupied with paper submission deadline that I forgot to update you :(

Egon

De Sl

unread,
Mar 23, 2023, 6:33:18 AM3/23/23
to wikipathways-discuss
Hi Eric,

Yes, the https change should now be part of every release; if you don't see it directly in the SNORQL interface, you could consider a hard page refresh (ctrl-F5) to remove the cached page).

Reply all
Reply to author
Forward
0 new messages