Spotfire Web Player becomes unavailable with error "service endpoint binding not using the HTTP protocol" due to IronPython script interfering with .NET HTTP client

Spotfire Web Player becomes unavailable with error "service endpoint binding not using the HTTP protocol" due to IronPython script interfering with .NET HTTP client

book

Article ID: KB0070054

calendar_today

Updated On:

Products Versions
Spotfire Server 11.1 and higher

Description

When trying to access the Spotfire Web Player in a browser, it fails to load with the following error displayed:

An error occurred while receiving the HTTP response to https:// <server.abc.com>:9443/spotfire/ws/LoginService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details.
 
For example:
User-added image screenshot

The following error is seen in the Web Player worker.host log:
INFO ;2022-08-04T17:04:12,282-03:00;2022-08-04 20:04:12,282;b7159039-d65b-47f6-9434-b1b1fe6012e3;041457687du6f3;46;<user@abc.com>;64e2487634ec3c89bb926180f311325a;Spotfire.Dxp.Services.Http.HttpRetryContext;"Cannot retry error in call to ."
System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to https:// <server.abc.com>:9443/spotfire/ws/LoginService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> IronPython.Runtime.UnboundNameException: global name 'True' is not defined
   at IronPython.Runtime.Operations.PythonOps.GetVariable(CodeContext context, String name, Boolean isGlobal, Boolean lightThrow)


And the following error is seen in the Spotfire Server server.log:
ERROR 2022-08-04T17:04:12,400-0300 [<server.abc.com>, #BS-8702, #816060] wp.controller.WebPlayerExceptionController: Internal Server Error ef4f970c-5f95-4c22-8912-e5c59efdb122 (Service Error 49a1b898882b46ab8167e341b759f96a : An error occurred while receiving the HTTP response to https://<server.abc.com>:9443/spotfire/ws/LoginService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. (Unauthorized - 49a1b898882b46ab8167e341b759f96a)): 401 An error occurred while receiving the HTTP response to https:// <server.abc.com>:9443/spotfire/ws/LoginService. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. (Unauthorized - 49a1b898882b46ab8167e341b759f96a): "<?xml version="1.0" encoding="utf-8"?><EOL><EOL><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><EOL><EOL><html xmlns="http://www.w3.org/1999/xhtml"><EOL><EOL>  <head><EOL><EOL>    <title>Request Error</title><EOL><EOL>    <style>BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px; } #content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; } A:link { color: #336699; font-weight: bold; text-decoration: underline; } A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; } A:active { color: #336699; font-weight: bold; text-decoration: underline; } .heading1 { background-color: #003366; border-bottom: #336699 6px solid; color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal;margin: 0em 0em 10px -20px; padding-bottom: 8px; padding-left: 30px;padding-top: 16px;} pre { font-size:small; background-color: #e5e5cc; padding: 5px; font-family: Courier New; margin-top: 0px; border: 1px #f0f0e0 solid; white-space: pre-wrap; white-space: -pre-wrap; word-wrap: break-word; } table { border-collapse: collapse; border-spacing: 0px; font-family: Verdana;} table th { border-right: 2px white solid; border-bottom: 2px white solid; font-weight: bold; background-color: #cecf9c;} table td { border-right: 2px white solid; border-bottom: 2px white solid; background-color: #e5e5cc;}</style><EOL><EOL>  </head><EOL><EOL>  <body><EOL><EOL>    <div id="content"><EOL><EOL>      <p class="heading1">Request Error</p><EOL><EOL>      <p>The server encountered an error processing the request. See server logs for more details.</p><EOL><EOL>    </div><EOL><EOL>  </body><EOL><EOL></html>

Environment

All

Resolution

The root cause of this issue is custom IronPython scripts that when executed interfere with the .NET HTTP client communication which Spotfire relies on as of version 11.1 (earlier WinINet was used). IronPython scripts cannot set global .NET settings/behaviors, by using ServicePointManager for example, since those can and will affect the execution of the product causing instability. 

Example script:
def AcceptAllCertifications(a,b,c,d):return True
ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertifications


Before version 11.1, these scripts would not have caused system-wide issues since the modification of the global .NET HTTP settings did not affect Spotfire at that time.

The problem is that the ServicePointManager is a static, singleton class which means that if a client (an IronPython script in this case) makes a change it changes for everything (including the rest of the Spotfire application). Per the important note on the  ServicePointManager Class documentation:
  • "We don't recommend that you use the ServicePointManager class for new development. Instead, use the System.Net.Http.HttpClient class"


To avoid this issue, find and remove (or quarantine) all dxp files which contain these problematic scripts until the scripts are modified.  In order to find scripts which contain the problematic usage of ServicePointManager like above, there are a couple options: Ensure proper testing of new scripts is performed in lower environments before use in production environments to avoid any issues.
 

Important Note:

Other uses ServicePointManager might cause different issues and symptoms. For example, modifying the TLS version to TLS 1.0 explicitly with:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

This will cause the following error when trying to use the Web Player since it will cause the secure communication channel to fail:
Could not establish secure channel for SSL/TLS with authority 'server:9443'. (Unauthorized)): 401 Could not establish secure channel for SSL/TLS with authority 'server:9443'

Issue/Introduction

This article describes how IronPython scripts which interfere with the .NET HTTP client can cause the Spotfire Web Players to fail

Additional Information

Wiki: How to find specific scripts in DXP files in the Spotfire Library using the Application Profiler Wiki: Script and Data function trust in Spotfire 10.3 and later External: ServicePointManager Class