When working with the GoodData platform, most of the time you are required to use HTTPS. However, there is one scenario when you are good with just HTTP. Here’s a brief summary to know what’s best for what use case.
GoodData is a secure platform; therefore, HTTPS is always enforced for production when working with the hosted GoodData Platform and is strongly recommended for the custom deployment of GoodData.CN.
For development with GoodData.UI against the hosted GoodData Platform, applications created with create-gooddata-react-app tool run on HTTPS by default. (Unless --backend tiger option is supplied.)
There’s only one exception where HTTP is acceptable: When developing against locally hosted GoodData.CN. This is because the AIO (All-In-One) Docker image containing the GoodData.CN CE may need to communicate with your GoodData.UI application and setting up HTTPS for communication within a single localhost machine would be a tedious developer’s experience.
| Production | Development | |||
| HTTPS | HTTP | HTTPS | HTTP | |
| Hosted GoodData Platform | ✅ | ❌ | ✅ | ❌ |
| GoodData.CN CE | ✅ | ❌ | ❌* | ✅ |
* This assumes development against GoodData.CN running on your localhost; once GoodData.CN is fully deployed, we recommend you use HTTPS.
Summary
Always use HTTPS with the exception of testing our GoodData.CN CE on your localhost. That is the only case when it’s ok to use non-secure HTTP.