-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to specify use of proxy or cors at layer level #10505
Comments
12 tasks
12 tasks
jnewmoyer
pushed a commit
to ngsllc/MapStore2
that referenced
this issue
Oct 17, 2024
* Update Changelog for version 2024.02.00 (geosolutions-it#10602) Co-authored-by: github-actions <[email protected]> * Bump commons-io:commons-io from 2.7 to 2.14.0 (geosolutions-it#10593) * Removed react-confirm-button unused dependency (geosolutions-it#10495) * Update release_steps.md (geosolutions-it#10568) * Remove istambul loader (geosolutions-it#10491) * Attempt to remove instambul loader * removed also package dependency * Apply suggestions from code review clean * Remove jsonpath (geosolutions-it#10494) jsonpath is not needed. It is a dependency of geosolutions-it/patcher actually. Having this dependency here is only confusing for dependency analyisis * Fix geosolutions-it#10595 add missing 'FORMAT' parameter to WMTS GetFeatureInfo requests (geosolutions-it#10596) * add missing 'FORMAT' parameter to WMTS GetFeatureInfo requests this is required by the WMTS spec to be the same format as would be used for a GetTile request, and this allows GFI requests to succeed on https://data.geopf.fr/wmts. * fix mapinfo wmts utils test * Fix geosolutions-it#10505 Allow to specify use of proxy or cors at layer level (geosolutions-it#10526) * fix: remove ui element for force proxy and Allow not secure layers * fix: ajax logic changed, autoDetectCORS is set to true by default * new central CORS util file created and used in ajax * checking CORS before adding in common layer file * null check on getProxyUrl * updated individual layer considring to use proxy if needed * avoid proxy cache to update if response is not okey * enable user to add http url, show warning instead of error, warning text updated * test cases updated * fix: resolve conflicts with url check * fixed the failed test * review cesium layers * include add method in model layer * improve http check for openlayers wms layer * fix tests --------- Co-authored-by: allyoucanmap <[email protected]> * Update openId.md (geosolutions-it#10610) * Bump spring-security version to 5.7.12 (fixes geosolutions-it#10611) (geosolutions-it#10612) somehow something in the build already drags this version, and we end up with two conflicting versions of spring-security in the war which results in at least failure to authenticate with basic auth. * Visibility limits - The resolution option is not retained as Limits type geosolutions-it#10391 (geosolutions-it#10598) * Add lib check release step (geosolutions-it#10614) * geosolutions-it#4675 Remove unused code (geosolutions-it#10442) * geosolutions-it#4675 Remove unused code * remove additional code from review * fix tests folder * remove additional unused files * geosolutions-it#10545: Option to disable identify popup in case of no results (geosolutions-it#10557) * geosolutions-it#10545: Option to disable identify popup in case of no results Description: - handle adding an option called 'hidePopupIfNoResults' to hide the identify popup - add unit tests - add jsdoc * geosolutions-it#10545: Option to disable identify popup in case of no results Description: - revert changes in popupSupport files for ol and leaflet + related tests files - handle hide popup for map viewer with css for openlayers and leaflet approach - add unit tests - edit map-popup.less file to handle hide the popup * geosolutions-it#10545: revert unnecessary changes * Fix geosolutions-it#10615 removed eval from marker utils (geosolutions-it#10616) * geosolutions-it#10545: remove marker in case no results + hover identify mode active and hideEmptyPopupOption with true (geosolutions-it#10619) --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Lorenzo Natali <[email protected]> Co-authored-by: Landry Breuil <[email protected]> Co-authored-by: RowHeat <[email protected]> Co-authored-by: allyoucanmap <[email protected]> Co-authored-by: mahmoud adel <[email protected]> Co-authored-by: Matteo V. <[email protected]>
offtherailz
pushed a commit
that referenced
this issue
Oct 18, 2024
* fix: remove ui element for force proxy and Allow not secure layers * fix: ajax logic changed, autoDetectCORS is set to true by default * new central CORS util file created and used in ajax * checking CORS before adding in common layer file * null check on getProxyUrl * updated individual layer considring to use proxy if needed * avoid proxy cache to update if response is not okey * enable user to add http url, show warning instead of error, warning text updated * test cases updated * fix: resolve conflicts with url check * fixed the failed test * review cesium layers * include add method in model layer * improve http check for openlayers wms layer * fix tests --------- Co-authored-by: allyoucanmap <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The way the http-proxy is used in the application need to be changed and improved to guarantee more automation, better flexibility and exempting also users from interacting with certain concepts CORS related.
At the moment, the application proxy is used by default for all Ajax requests cross domain. If the requested base URL is specified in the useCORS configuration, then MS assumes that CORS headers are enabled and allowed for the origin and the proxy is not used automatically.
There are also different behaviors on how layers tile requests are performed based on the mapping library, e.g.:
With this issue it is requested to change the current behavior to not use the proxy by default (1) and let the MS application to automatically establish when the use of the proxy is necessary through a proper logic depending on the request.
Acceptance criteria
The specified URL is not secure as it uses HTTP. An URL using HTTPs protocol should be provided. Using HTTP, requests will be handled automatically to prevent browser security issues by passing through the proxy.
Force proxy
(Layer Settings) and theAllow not secure layers
(Catalog tool for WMS/WFS sources) are no longer needed and the logic can be removedOther useful information
As a consequence of this implementation the PR #10474 and the connected issue become out of date and can be closed with a comment.
The text was updated successfully, but these errors were encountered: