Security Warning - new go site to amigo query #101
Comments
Note: this is also true when launching an enrichment analysis as pantherdb is also http. Pantherdb is being rewritten, but to avoid this issue delaying the release of the new site, I propose we just deploy it on S3/Cloudfront for the time being. Then, when everything is ready, we can always switch back to deploy on GitHub pages (only https). One disadvantage of that is that we'll need to redeploy manually the site whenever changes are made on the pages (unless we use a webhook). @kltm your opinion?
S3/Cloudfront is a viable way forward. There is no need for manual deployments, which should be avoided--anything that needs credentials can be orchestrated through a build pipeline. That said, I feel like we've been changing targets faster than we can make progress on any one of them, which is somewhat counterproductive. As we still need to have the root domain handled by a proxy, I think we should just see how much progress there is over the next week.
This hasn't changed yet, still encountering this pop up.
I tag this issue as a bug as this is affecting usability. Meanwhile, the site is deployed in http.
To catch this ticket up, initially, we were going to upgrade the AmiGO/GOlr servers to accept HTTPS so that there was not the downgrade warning. However, it looks like the PANTHER site, which has similar issues, will not be ready for a couple of months regardless, so we'll just keep HTTP for now, no HTTPS. TL;DR: Current test.geneontology.io is now http-only, with https waiting in the wings.
Further SSL work can be the old geneontology/go-site#53
During the meeting, Pascale pointed me to a security warning she had when searching for something in the "Search GO term or Gene Product" bar:
After looking around, I found the issue: GitHub pages deploys the site in https (as it should) but amigo is only deployed in http, hence this warning stating we'll be sending data to an unsecured website. This warning didn't exist for the old geneontology.org because it was also deployed on an unsecured http.
@kltm @cmungall could amigo be deployed in https? It would also mean that all golr services be deployed in https. IMHO, any reusable service should always be deployed in https as they are otherwise not accessible from other secured endpoints.
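The downgrade described in this issue can be caught before deployment. The following is an added example, not part of the original issue or the project's code: it scans a page's HTML for form targets and subresources that resolve to `http://` when the page itself is served over `https://`. All host names and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (attribute holding a URL, finding label). Labels are this example's own.
URL_ATTRS = {
    "form": ("action", "insecure-form-target"),
    "button": ("formaction", "insecure-form-target"),
    "script": ("src", "mixed-content"),
    "iframe": ("src", "mixed-content"),
    "img": ("src", "mixed-content"),
}

class DowngradeFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rule = URL_ATTRS.get(tag)
        if rule is None:
            return
        attr_name, kind = rule
        value = dict(attrs).get(attr_name)
        if value is None:
            return  # e.g. a form without action submits to the page itself
        # Resolve relative and protocol-relative URLs the way a browser would.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((kind, tag, target, self.getpos()[0]))

def find_downgrades(page_url, html):
    """Return (kind, tag, target, line) for each https -> http reference."""
    if urlsplit(page_url).scheme != "https":
        return []  # an http page cannot downgrade: the old site showed no warning
    finder = DowngradeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts are placeholders, not the project's real servers.
SAMPLE_HTML = """<html><body>
<form action="http://amigo.example.org/amigo/search" method="get">
  <input name="q" placeholder="Search GO term or Gene Product">
</form>
<form action="/local-search"><input name="q"></form>
<script src="//cdn.example.org/app.js"></script>
<script src="http://golr.example.org/widget.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in find_downgrades("https://site.example.org/", SAMPLE_HTML):
        print(finding)
```

Run in a build pipeline against the generated pages, a non-empty result can fail the build until the backing services are reachable over https.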