Support for HTTPS in SPARQL endpoint

[Eric Weitz]

Hi WikiPathways,

Could you support HTTPS in the SPARQL endpoint (http://sparql.wikipathways.org)?  Among other benefits, this would enable SPARQL queries directly from JavaScript in a web browser.

It seems CORS is enabled, which is great and necessary.   However, many browsers prohibit "mixed content" -- i.e. loading HTTP resources from an HTTPS domain -- because it is insecure.  My use case for querying the SPARQL endpoint directly from the browser involves an ideogram web component for gene search recommendations.  More use cases are certainly feasible.  

Steps to reproduce a minimal use case:

1.  Go to https://eweitz.github.io/ideogram/related-genes?q=RAD51

2.  Open your web browser's Developer Tools (DevTools) 

3.  Go to Console panel in DevTools

4.  Execute this sample code:

fetch("http://sparql.wikipathways.org/sparql?output=json&query=SELECT%20DISTINCT%20%3Fpathway%0AWHERE%20%7B%0A%0A%20%20%20%3Fpathway%20a%20wp%3APathway%20%3B%0A%20%20%20%20%20%20dc%3Aidentifier%20%3Chttps%3A%2F%2Fidentifiers.org%2Fwikipathways%2FWP1425%3E%20.%20%20%0A%7D%0A");

5.  Note error message: 

Mixed Content: The page at 'https://eweitz.github.io/ideogram/related-genes?q=RAD51' was loaded over HTTPS, but requested an insecure resource 'http://sparql.wikipathways.org/sparql?output=json&query=SELECT%20DISTINCT%20%3Fpathway%0AWHERE%20%7B%0A%0A%20%20%20%3Fpathway%20a%20wp%3APathway%20%3B%0A%20%20%20%20%20%20dc%3Aidentifier%20%3Chttps%3A%2F%2Fidentifiers.org%2Fwikipathways%2FWP1425%3E%20.%20%20%0A%7D%0A'. This request has been blocked; the content must be served over HTTPS.

7.  Go to an HTTP domain, e.g. http://example.com

8.  Execute steps 2 - 4

9.  Note no error

The expected behavior is to see no error in step 5.

Thanks for considering this enhancement to widen the audience for WikiPathways!

Best regards,

Eric

https://github.com/eweitz

[Eric Weitz]

To clarify, those steps describe why lacking HTTPS is a problem.  The expected solution would allow using HTTPS in the SPARQL query, e.g.:

fetch("https://sparql.wikipathways.org/sparql?output=json&query=SELECT%20DISTINCT%20%3Fpathway%0AWHERE%20%7B%0A%0A%20%20%20%3Fpathway%20a%20wp%3APathway%20%3B%0A%20%20%20%20%20%20dc%3Aidentifier%20%3Chttps%3A%2F%2Fidentifiers.org%2Fwikipathways%2FWP1425%3E%20.%20%20%0A%7D%0A");

(Note use of "https://" rather than "http://" above.)

Currently, when that JavaScript is run via web browser DevTools Console, it returns an error, net::ERR_CERT_COMMON_NAME_INVALID.

In addition to enabling queries directly from JavaScript in a web browser -- and the useful applications that makes possible -- supporting HTTPS in the SPARQL endpoint would also let users browse the SNORQL UI at https://sparql.wikipathways.org without needing to bypass loud security warnings.

How feasible would it be to support HTTPS in the SPARQL endpoint?

Thanks,

Eric

https://github.com/eweitz

[Egon Willighagen]

Hi Eric,

I up the urgency of this with our team.

Egon

--
You received this message because you are subscribed to the Google Groups "wikipathways-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wikipathways-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wikipathways-discuss/6dd1894b-a97b-4c82-996d-0681946e1849n%40googlegroups.com.

--

This year I am stepping down as co-Editor-in-Chief of the Journal of Cheminformatics, because of a conflict of interest with Springer Nature. See https://twitter.com/egonwillighagen/status/1403299501947899907 

-----

E.L. Willighagen
Department of Bioinformatics - BiGCaT
Maastricht University (http://www.bigcat.unimaas.nl/)

Twitter/Mastodon: @egonwillighagen / @egonw
Homepage: http://egonw.github.com/
Blog: http://chem-bla-ics.blogspot.com/
PubList: https://www.zotero.org/egonw
ORCID: 0000-0001-7542-0286
ImpactStory: https://impactstory.org/u/egonwillighagen

[Eric Weitz]

I truly appreciate that, Egon!

[Eric Weitz]

I just noticed https://sparql.wikipathways.org and my example HTTPS SPARQL query now work!  Thanks for the quick enhancement, Egon and team.

[Egon Willighagen]

yeah, sorry, this was done earlier this week, but I was too preoccupied with paper submission deadline that I forgot to update you :(

Egon

To view this discussion on the web visit https://groups.google.com/d/msgid/wikipathways-discuss/b93ad201-19a2-40af-bc63-17b243b85f79n%40googlegroups.com.

[De Sl]

Hi Eric,

Yes, the https change should now be part of every release; if you don't see it directly in the SNORQL interface, you could consider a hard page refresh (ctrl-F5) to remove the cached page).