Shiny App Embed: HTTP iframe conflicting with HTTPS #148
Comments
|
Ok, we’ll proceed without a certificate for now.
There is a nuance in the gh-pages, you can turn-off the forcing to HTTPS. But, by default, HTTPS is enabled (but you don’t have to visit it). Right now, I’m forcing to HTTPS.
From: Nick Lucius [mailto:notifications@github.com]
Sent: Tuesday, August 08, 2017 4:03 PM
To: Chicago/clear-water <clear-water@noreply.github.com>
Cc: Schenk, Tom <Tom.Schenk@cityofchicago.org>; Mention <mention@noreply.github.com>
Subject: [Chicago/clear-water] Shiny App Embed: HTTP iframe conflicting with HTTPS (#148)
@tomschenkjr<https://github.com/tomschenkjr> - it looks like AWS has a UI for adding HTTPS, but it only works with EC2 instances that use Elastic Load Balancing or CloudFront--I'm not sure that we use either: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/.
If we create our own certificate, we'll still might get blocked by browsers: https://www.r-bloggers.com/shiny-https-securing-shiny-open-source-with-ssl/
New GitHub Pages are HTTPS only: https://github.com/blog/2186-https-for-github-pages
It looks like a third party certificate might be the only way.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#148>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABkC0W_jq8cYrIMbuDhDDiyl0RTXiV6vks5sWM0TgaJpZM4OxSkb>.
…________________________________
This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail (or the person responsible for delivering this document to the intended recipient), you are hereby notified that any dissemination, distribution, printing or copying of this e-mail, and any attachment thereto, is strictly prohibited. If you have received this e-mail in error, please respond to the individual sending the message, and permanently delete the original and any copy of any e-mail and printout thereof.
|
|
Here are some instructions on a Shiny app and a certificate https://www.r-bloggers.com/shiny-https-securing-shiny-open-source-with-ssl/ |
|
It appears the HTTPS enforce is only for the index page. However, it is not enforced by default when going to the When we get a chance, let's grab a certificate and post it to the EC2 instance. But, at least, it's not a pressing matter. |
|
@nicklucius - for @ThorSean upcoming article, he's hitting some HTTPS mixed-content issues. I don't think we can sidestep it this time. Can you take a look at adding a token. This may be a viable, free option. Let me know if this is shaping-up to be a complete pain. |
|
@tomschenkjr - no problem, I'll look into this. |
|
@tomschenkjr - I ran into a problem with Let's Encrypt. They blacklist EC2 domain names. Here is my error when generating a certificate: And here is a discussion that confirms this is a problem for EC2 domains. If we could get a |
@tomschenkjr - it looks like AWS has a UI for adding HTTPS, but it only works with EC2 instances that use Elastic Load Balancing or CloudFront--I'm not sure that we use either: https://aws.amazon.com/blogs/aws/new-aws-certificate-manager-deploy-ssltls-based-apps-on-aws/.
If we create our own certificate, we'll still might get blocked by browsers: https://www.r-bloggers.com/shiny-https-securing-shiny-open-source-with-ssl/
New GitHub Pages are HTTPS only: https://github.com/blog/2186-https-for-github-pages
It looks like a third party certificate might be the only way.
The text was updated successfully, but these errors were encountered: