Are custom domains (HTTP) safe?

Posit Professional & Hosted Products shinyapps.io
1

Hi,

I am considering upgrading my shinyapps account to Professional.
The most important reason for this is that my organisation would like to use custom domains.
I read that custom domains do not support the HTTPS protocol.
Because we deal with somewhat sensitive information, security is very important.
Say we want to use the domain http://shiny123.myorg.com, is it safe to visit that URL because it is a CNAME for https://myorg.shinyapps.io/shiny123 ? Or should I wait for HTTPS support for custom domains? (I saw that the user 'bosborne' had a similar question on the 5th of Feb)
I haven't worked with custom domains before, so any help is useful.

Thanks!
Kris

2

I also contacted RStudio Support directly. This was their response:

"While custom domains are served over http, the shiny application itself is served over https. Custom domains are implemented as http pages that have the https shinyapps.io URL embedded in an iframe, so the app content itself is secure."

For others who were wondering, now you know the answer.

1 Like