Mixing HTTP and HTTPS breaks the Tour

Report a Dgraph Bug

What version of Dgraph are you using?


Have you tried reproducing the issue with the latest release?


What is the hardware spec (RAM, OS)?


Steps to reproduce the issue (command/config used to run Dgraph).

The tour is giving the error

Error: Is Dgraph running locally? or reachable?

This happens when you have an unreachable instance or have two cross-origin running. The tour is served on HTTPS, but the user is instructed to use an instance of Dgraph locally. This means that it will run over HTTP without SSL or TLS.

Google and others have started to block these types of interactions. You can only communicate with HTTPS to HTTPS. Not all browsers happen this.

it works fine on:

  • Chromium
  • Firefox
  • Clean install of Chrome (Version 88.0.4324.150 (Official Build) (x86_64))
  • If you download the Tour repo (tutorial repo) and run bash ./scripts/local.sh and go to http://localhost:1313/tour/ it will run fine in all browsers. Cuz both(Dgraph and the Tour) are in HTTP.

It doesn’t work on:

  • All Brave versions.
  • Safari

Possible solutions

1 - Instruct the user to have a basic HTTPS server locally.
2 - Offer a docker file that has HTTPS enabled. (NGINX or Traefik)
3 - Find some way to force the browser to work with HTTPS and HTTP.
4 - Recommend Slash Free for Tour users.

Some tests

First with the local cluster:

Using Safari

Now with Play (which has HTTPS):


If you do #2 then the mutation portions of the tour will change the user experience between every use.

How so?

I think I was off in my understanding. #2 means to offer an image to download that has https enabled. I was thinking it meant offer a hosted image, nvm me.

Yeah, and I think Traefik would be better cuz it is easy to set up Let’s Encrypt.

1 Like