0
Answered

bibbase.min.js not loaded through HTTPS

Madhur Behl 7 years ago updated by Nikos Tsantalis 5 years ago 12
I am unable to leverage the full functionality of BiBase for my website. I am using php to integrate BibBase on my publications page at https://fling.seas.upenn.edu/~mbehl/cgi-bin/public...
As you can see, the content is displayed but most of the features (like grouping, show bibtex) are not available. 

I believe the main reason is that the call to the bibase.min.js javascript is blocked.

[blocked] The page at ' https://fling.seas.upenn.edu/~mbehl/cgi-bin/publications.php' was loaded over HTTPS, but ran insecure content from 'http://bibbase.org/js/bibbase.min.js': this content should also be loaded over HTTPS.

I think it is because of this blocking call that I get Uncaught ReferenceError(s)<> that toggleGroup, showBib and groupby are not defined.

The png files which Bibbase uses are also labeled as insecure content but are displayed. However, the js is blocked.

Can bibbase.min.js be provided over https ? or is there another fix available for this ?

I am experiencing this problem both with latest versions of Firefox and Chrome. 

Answer

+1
Answer

All,


Thank you for your patience. We are glad to finally be able to announce HTTPS support!


You can start using it immediately by changing your bibbase URLs to https://.


Please use this thread to report any issues you may observe.


Thank you for using BibBase.


Answered
Hi Madhur,

BibBase doesn't currently support HTTPS, no. I noted that you are forcing ssl (https) for you page even when opening the URL using http. If this is indeed necessary, then no, at this point there is no solution for that. HTTPS support is planned but there is no timeline yet.

Do you really need encryption though? Publication pages do not typically contain confidential information of any kind, so the need for HTTPS for BibBase is very rare.

I understand. The problem is that the php file resides on a secure server. My university only allows cgi on secure servers. 
Both Chrome and Firefox detect this and silently block the content requested over http.
In chrome, there is a shield which appears at the end of the address bar and I can manually choose to display insecure content and then the page loads just fine, but obviously I cannot expect anyone viewing the page to do the same.
Safari seems to work fine though.

Do you think it there can be a work around if I locally host the bibbase.min.js file on the secure server and just provide a relative path in my php file? 
I will try it to see what happens. 
+1
Just FYI and an attempt to sway you in favor of https :)
 "Google to prioritize secure websites" article on BBC 
http://www.bbc.co.uk/news/technology-28687513
+1
Hi Christian,

My research site is secure for all sorts of reasons and, while the  publications pages do not need to be, they are served from the same secure instance.

So, I too would really benefit from a HTTPS implementation of, at least, your js and css files. (Otherwise I'll have to cache them all  and parse the bibbase output changing their paths etc. etc.) Adding SSL is a really quick process and free ( e.g. from startssl.com).  

Bibbase is really great - please consider HTPS.

Thanks,

Greg.

Hi Christian,


Since it has been almost a year since this issue was last addressed, I am writing to check the current status of whether BibBase is supporting HTTPS. Can you please update? I cannot get it to work still.


Thanks!

Kshitija

Hi Kshitija,


HTTPS is not yet supported. An SSL certificate isn't actually free. The free ones that exist do not permit commercial use. However we are planning a "premium" subscription for BibBase that would have HTTPs as a feature (among others). Please let me know if that was an option you would consider. The way it is structured it is targeted at research groups rather then individuals, so it might make the most sense if others in your group also want to use BibBase, or if the group itself decided that they would like to use BibBase for its group site.


Dear Christian,


Let's Encrypt (https://letsencrypt.org/about/) is an option that is actually free also for commercial use.

It provides a couple of additional benefits as well (e.g. automation).

I want to use BibBase as well as it seems to be a great project but as long as https is not supported I can't.


Best wishes,

Markus

+3

Hi Markus,


Thanks for pointing us to Let's encrypt/certbot. I just saw it being announced by EFF as well. Seems like a good option. We'll investigate this.


Best,

Christian

+1

Hi Christian,


I would also like to see support for https just so that BibBase does not break when the rest of the site is served through SSL. Pretty much all 3rd party resources (eg ajax|fonts.googleapis.com) are available through https and allow one to present a page to the visitor with unbroken security. (And yes, I totally agree with you that my publication list is not worth encrypting but as others pointed out – that's the way how visitors experience the web today).


Thanks,

Oliver

My university recently changed all user (faculty and staff) websites to HTTPS by default.

BibBase stopped working with the following error:


Mixed Content: The page at 'https://users.encs.concordia.ca/~nikolaos/bibbase.html' was loaded over HTTPS, but requested an insecure script 'http://bibbase.org/show?bib=users.encs.concordia.ca%2F%7Enikolaos%2Fpublications.bib&jsonp=1&authorFirst=1'. This request has been blocked; the content must be served over HTTPS.


HTTPS support is a must feature, and there are free solutions as pointed out in the previous posts.


Thank you very much for your great work.

BibBase is awesome.

+1
Answer

All,


Thank you for your patience. We are glad to finally be able to announce HTTPS support!


You can start using it immediately by changing your bibbase URLs to https://.


Please use this thread to report any issues you may observe.


Thank you for using BibBase.


+1

Works like a charm!!