Fix for security/TLS issue in Neo4j Tableau Connector for Mixed Context error


(Mike Morley) #1

Greetings! We are doing some work with the Tableau/Neo4j connector, and ran into an issue with the connector failing with an error against secured connections:

neo4j-web.min.js:17 Mixed Content: The page at 'https://neo4j-contrib.github.io/neo4j-tableau/website/Neo4jWdc2.html' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://coeur.menome.com:7687/'. This request has been blocked; this endpoint must be available over WSS.

By testing against our cloud hosted instance, we traced the issue to the following setting:

dbms.connector.bolt.tls_level=REQUIRED

Setting this to OPTIONAL resolved the issue, but in our use case, we cannot allow the setting to be OPTIONAL (IT security requirements).

One of our developers Kent Brockman forked the repo and has fixed the issue. We have done basic testing of this against our secured cloud instance to verify the fix works as expected.

We have submitted a pull request for review/inclusion with the master Neo4j Tableau Repository, but in the interim the fix is located here:https://github.com/menome/neo4j-tableau/

Cheers!
M.


(Michael Hunger) #2

I commented on the PR thanks a lot for submitting it.
Please address me comments then we can merge it in.


(Mike Morley) #3

Awesome thanks! I'll ping kent and let him know...