You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a user sets PROXY_SERVER_HTTPS_CONNECTION=true, they expect the server to run over HTTPS. However, if the TLS certificate is missing or fails to generate, the server silently falls back to HTTP with no warning. A user who explicitly opted into HTTPS could unknowingly be served over plaintext.
There are two layers where this happens:
docker-entrypoint.sh: The openssl commands that generate the self-signed certificate do not have their exit codes checked. If any step fails, the script continues and starts the Node server anyway. Additionally, the existing cert file checks have syntax bugs (missing spaces before ]) that cause the conditionals to always fail.
node-server.ts: The useHttps logic silently downgrades to HTTP when cert files are missing:
If the files do not exist, the server starts on HTTP without any error or warning.
Environment
All environments (Docker, local dev, SageMaker)
All browsers
All Graph Explorer versions with HTTPS support
All graph databases
Steps to Reproduce
Set PROXY_SERVER_HTTPS_CONNECTION=true
Ensure no certificate files exist at the expected paths (or corrupt the openssl generation)
Start the server
Observe the server starts on HTTP with no error
Expected Behavior
When HTTPS is explicitly requested, the server should either start with HTTPS or refuse to start entirely with a clear error message. A fail-closed approach:
node-server.ts: When PROXY_SERVER_HTTPS_CONNECTION=true but cert files are missing, log a clear error and exit with a non-zero code instead of falling back to HTTP.
docker-entrypoint.sh: Check exit codes of openssl commands and abort if certificate generation fails. Fix the syntax bugs in cert file existence checks.
Important
If you are interested in working on this issue, please leave a comment.
Tip
Please use a 👍 reaction to provide a +1/vote. This helps the community and maintainers prioritize this request.
Description
When a user sets
PROXY_SERVER_HTTPS_CONNECTION=true, they expect the server to run over HTTPS. However, if the TLS certificate is missing or fails to generate, the server silently falls back to HTTP with no warning. A user who explicitly opted into HTTPS could unknowingly be served over plaintext.There are two layers where this happens:
docker-entrypoint.sh: Theopensslcommands that generate the self-signed certificate do not have their exit codes checked. If any step fails, the script continues and starts the Node server anyway. Additionally, the existing cert file checks have syntax bugs (missing spaces before]) that cause the conditionals to always fail.node-server.ts: TheuseHttpslogic silently downgrades to HTTP when cert files are missing:If the files do not exist, the server starts on HTTP without any error or warning.
Environment
Steps to Reproduce
PROXY_SERVER_HTTPS_CONNECTION=trueExpected Behavior
When HTTPS is explicitly requested, the server should either start with HTTPS or refuse to start entirely with a clear error message. A fail-closed approach:
node-server.ts: WhenPROXY_SERVER_HTTPS_CONNECTION=truebut cert files are missing, log a clear error and exit with a non-zero code instead of falling back to HTTP.docker-entrypoint.sh: Check exit codes ofopensslcommands and abort if certificate generation fails. Fix the syntax bugs in cert file existence checks.Important
If you are interested in working on this issue, please leave a comment.
Tip
Please use a 👍 reaction to provide a +1/vote. This helps the community and maintainers prioritize this request.