Making script content 'safe' for HTTPS display (Bokeh)

4
votes

I was searching for a solution and came across a removed question from maria saz. Fortunately, I was able to see it cached by google. Since I have the exact same question, I borrowed the original text:

""" I'm building a website with Bokeh plots, using inline embedding. However, using an https connection to the site blocks the plots from being rendered, as the source is deemed 'unauthenticated'. Is there a way to solve this?

In the 'Security Overview', it says:

Blocked mixed content Your page requested insecure resources that were blocked.

Where the two blocked requests were:

bokeh-0.12.1.min.css

bokeh-0.12.1.min.js

... """

In my case, I can add a bit of further information. The site is being built using django and google app engine, and if I allow the unsafe content, the bokeh plots work as expected.

How can I serve my content so the scripts will load without the warning?

2
pythondjangogoogle-app-enginehttpsbokeh

2 Answers

1
votes

This issue was addressed simply by referring to the CDN address with "https://"

See the bokeh embed notes

0
votes

If you are proxying a Bokeh server behind a proxy that is terminating SSL, then you need to configure the proxy to pass the originating protocol on to the Bokeh server, and also use the --use-xheaders command line option to invoke the Bokeh server:

bokeh serve app_script.py --use-xheaders

Can't tell you how to forward the protocol since you haven't specified what your setup is, but there is an example for Nginx and SSL in the User's Guide:

http://docs.bokeh.org/en/latest/docs/user_guide/server.html#reverse-proxying-with-nginx-and-ssl