I want to use this for an in-company visualization POC project. There is a large amount of CSV files that can be loaded over plain HTTP when on the corporate network. Right now this site, https://beta.observablehq.com, is pure HTTPS only, which is good for end-to-end encryption, but this prohibits loading any data from a plain HTTP site; I can see the “Mixed Content” errors in the browser console:
Mixed Content: The page at 'https://beta.observablehq.com/d/xxxxxx80d5809c5' was loaded over HTTPS, but requested an insecure resource 'http://some-http-only-in-corporate-site/.../path/to/data/resources/...csv'. This request has been blocked; the content must be served over HTTPS.
Because there is a huge amount of CSV files, it may not be efficient to copy them to a publicly accessible place like a gist, or for legal reasons we can’t make them publicly accessible.
I wonder, is it possible to have an HTTP site as well? Or an on-premises solution for corporate in-house use (either an open source solution or a paid service like GitHub Enterprise)?
You can sometimes use cors-anywhere as a proxy, for example https://beta.observablehq.com/d/ebee526443a1e65b
No, I got a 404 error because this-domain-is-only-resolvable-to-in-house-dns-servers; it’s not publicly accessible
404 Not found because of proxy error: Error: getaddrinfo ENOTFOUND <this-domain-is-only-resolvable-to-in-house-dns-servers>
Indeed, that’s one case where you won’t be able to use a public proxy; you will probably have to create an in-house proxy, or upgrade your in-house servers to offer HTTPS.
I do have a CORS proxy serving over HTTPS with a self-signed SSL cert, but then I hit another problem, net::ERR_INSECURE_RESPONSE; I guess the problem is the SSL cert.
I wonder, is it possible for this observablehq.com site to have plain HTTP as well?
They will answer, but in the meantime you might be able to use Chrome with specific options like in https://stackoverflow.com/questions/41041511/google-chrome-allow-running-insecure-content-does-not-work (I haven’t tested)
We aren’t going to make Observable accessible under HTTP - it’s intentionally built as a secure site, and very soon all HTTP sites will be marked as not secure by Chrome.
We do plan to implement some nice features for this sort of usage within an intranet that will preserve our security promises, but they’re all a little further down the road.
For now - most likely, your browser isn’t trusting the self-signed SSL certificate. You might want to try visiting the page / resource in question directly (not just loading it through Observable) and seeing if your browser gives you an option to trust the certificate and load the page. After you do that, your browser should be able to trust that self-signed certificate and load the resources.
@tom I understand the need for ObservableHQ to only allow HTTPS support, but this makes it difficult to fetch() data from sources that don’t always have updated SSL certifications. For instance, what’s the recommended ObservableHQ practice for pulling in this HTML table of marathon results http://www.besttimescct.com/results/marathon-results-by-place-20187.HTML ?
Hey - yep, a cors proxy is a good way to do this, or what I like to do for websites that won’t change - this race probably won’t have new results - is to download them and rehost on a quick website that does support HTTPS & CORS, in my case using Now Desktop (but other options like GitHub Gist work too). Here’s an example with this site: https://www.loom.com/share/302c80a11c894a2b8d4428d0b9c0d82f
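An in-house proxy of the kind suggested earlier in this thread, as an added example that is not from any poster or from Observable: it forwards only to an allowlist of internal HTTP hosts and grants CORS only to the notebook origin, so it cannot be used as an open relay into the intranet. The host `data.corp.example`, the allowed origin, port 8443 and the `TLS_KEY`/`TLS_CERT` environment variables are assumptions.

```javascript
// Constructed placeholders: adjust to your own notebook origin and internal hosts.
const ALLOWED_ORIGINS = new Set(['https://beta.observablehq.com']);
const ALLOWED_UPSTREAMS = new Set(['data.corp.example']); // HTTP-only internal hosts

// Map "/data.corp.example/path/file.csv" to an upstream URL; null means rejected.
function resolveUpstream(requestPath) {
  const m = /^\/([^\/]+)(\/.*)$/.exec(requestPath || '');
  // Exact host match: rejects "host@other", "host:port" and unlisted hosts.
  if (!m || !ALLOWED_UPSTREAMS.has(m[1].toLowerCase())) return null;
  try { return new URL('http://' + m[1].toLowerCase() + m[2]); } catch { return null; }
}

// Grant cross-origin reads only to known origins; others get no CORS header.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return { Vary: 'Origin' };
  return { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
}

async function handle(req, res) {
  const upstream = resolveUpstream(req.url);
  if (req.method !== 'GET' || !upstream) {
    res.writeHead(403, corsHeaders(req.headers.origin));
    return res.end('forbidden');
  }
  try {
    // redirect: 'manual' stops an upstream redirect from leaving the allowlist.
    const r = await fetch(upstream, { redirect: 'manual' });
    const body = Buffer.from(await r.arrayBuffer());
    res.writeHead(r.status, {
      'Content-Type': r.headers.get('content-type') || 'text/plain',
      ...corsHeaders(req.headers.origin),
    });
    res.end(body);
  } catch (err) {
    res.writeHead(502, corsHeaders(req.headers.origin));
    res.end('upstream error');
  }
}

// Start only when a key and certificate are supplied. The certificate must chain
// to a CA the browser trusts, otherwise requests fail with ERR_INSECURE_RESPONSE.
if (process.env.TLS_KEY && process.env.TLS_CERT) {
  Promise.all([import('node:https'), import('node:fs')]).then(([https, fs]) => {
    const tls = { key: fs.readFileSync(process.env.TLS_KEY), cert: fs.readFileSync(process.env.TLS_CERT) };
    https.createServer(tls, handle).listen(8443);
  });
}
```

A notebook would then request `https://<proxy-host>:8443/data.corp.example/path/to/file.csv`, where `<proxy-host>` is a placeholder for wherever the proxy runs.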