Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Updated WebAgg JS to check and send request over wss if using HTTPS #25039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 25, 2023
Merged

Updated WebAgg JS to check and send request over wss if using HTTPS #25039

merged 1 commit into from
Jan 25, 2023

Conversation

whyvra
Copy link
Contributor

@whyvra whyvra commented Jan 20, 2023

PR Summary

Added a small change to the JavaScript for the WebAgg backend. The added JavaScript code will check the protocol and updated the websocket uri to wss: if https: is being used.

This is to fix an issue with matplotlib running behind a reverse proxy that adds HTTPS and secure HTTP headers like HSTS. The connection to the insecure websocket i.e. ws: is blocked by the browser with the message:

Mixed Content: The page at 'https:/<some_website>/' was loaded over HTTPS,  but attempted to connect to the insecure 
WebSocket endpoint 'ws://<some_website>/1/ws'. This request has been blocked; this endpoint must be available over WSS.

PR Checklist

Documentation and Tests

  • Has pytest style unit tests (and pytest passes) N/A
  • Documentation is sphinx and numpydoc compliant (the docs should build without error). N/A
  • New plotting related features are documented with examples. N/A

Release Notes

  • New features are marked with a .. versionadded:: directive in the docstring and documented in doc/users/next_whats_new/ N/A
  • API changes are marked with a .. versionchanged:: directive in the docstring and documented in doc/api/next_api_changes/ N/A
  • Release notes conform with instructions in next_whats_new/README.rst or next_api_changes/README.rst N/A

Not sure whether or not I need to update any documentation, so please let me know if I do.

Thank you

github-actions[bot]
github-actions bot reviewed Jan 20, 2023
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for opening your first PR into Matplotlib!

If you have not heard from us in a while, please feel free to ping @matplotlib/developers or anyone who has commented on the PR. Most of our reviewers are volunteers and sometimes things fall through the cracks.

You can also join us on gitter for real-time discussion.

For details on testing, writing docs, and our review process, please see the developer guide

We strive to be a welcoming and open project. Please follow our Code of Conduct.

@whyvra whyvra mentioned this pull request Jan 20, 2023
Closed
@tacaswell
Copy link
Member

On its face this looks reasonable to me, but I have no idea how to test it.

@rcomer rcomer linked an issue Jan 20, 2023 that may be closed by this pull request
[Bug]: Request to insecure websocket endpoint is blocked by browser #25040
Closed
@whyvra
Copy link
Contributor Author

whyvra commented Jan 20, 2023

@tacaswell I created a repo that uses a Docker image to reproduce the issue and test the updated JS.

You can find it here https://github.com/whyvra/matplotlib-sample.

Please let me know if you need more info on anything.

Cheers

QuLogic
QuLogic approved these changes Jan 21, 2023
View reviewed changes
Copy link
Member

@QuLogic QuLogic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I confirmed this worked with a Caddy reverse proxy.

@QuLogic QuLogic added this to the v3.7.0 milestone Jan 21, 2023
@ksunden ksunden merged commit 66f7956 into matplotlib:main Jan 25, 2023
@meeseeksmachine meeseeksmachine mentioned this pull request Jan 25, 2023
Merged
meeseeksmachine pushed a commit to meeseeksmachine/matplotlib that referenced this pull request Jan 25, 2023
@ksunden @meeseeksmachine
Backport PR matplotlib#25039: Updated WebAgg JS to check and send req…
66953b7 
…uest over wss if using HTTPS
QuLogic added a commit that referenced this pull request Jan 25, 2023
@QuLogic
Merge pull request #25071 from meeseeksmachine/auto-backport-of-pr-25…
21f6e50 
…039-on-v3.7.x

Backport PR #25039 on branch v3.7.x (Updated WebAgg JS to check and send request over wss if using HTTPS)
@ksunden ksunden mentioned this pull request Feb 20, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@QuLogic QuLogic QuLogic approved these changes

@ksunden ksunden ksunden approved these changes

Assignees
No one assigned
Labels
GUI: webagg
Projects
First Time Contributors
Status: Merged
Milestone
v3.7.0
Development

Successfully merging this pull request may close these issues.

[Bug]: Request to insecure websocket endpoint is blocked by browser
4 participants
@whyvra @tacaswell @QuLogic @ksunden