Skip to content
This repository has been archived by the owner on Apr 26, 2023. It is now read-only.

Improved support for allowedReferer #282

Closed
bsvensson opened this issue Aug 20, 2015 · 2 comments
Closed

Improved support for allowedReferer #282

bsvensson opened this issue Aug 20, 2015 · 2 comments
Milestone
1.1.0

Comments

@bsvensson
Copy link
Member

All three proxies currently support allowedReferer, but with some variations. This is a proposal for standardising and adding some functionality to the allowedReferer property. See table below as well as the bullet points below it.

allowedReferers will exactly match... will not match...
www.example.com http://www.example.com http://www.example.com/
(as above) https://www.example.com http://www.example.net
(as above) http://www.example.com/folder
(as above) http://deep.domain.example.com
*.example.com http://www.example.com http://example.com
(as above) https://www.example.com http://deep.domain.example.com
127.0.0.1 http://127.0.0.1 http://localhost
(as above) http://127.0.0
(as above) http://127.0.0.2
www.example.* www.example.se www.example.se.com
(as above) www.example.com
www.example.com/* http://www.example.com/anything
www.example.com/a http://www.example.com/a http://www.example.com/a/
(as above) http://www.example.com/ab
www.example.com/a* http://www.example.com/a http://www.example.com/b
(as above) http://www.example.com/ab.html
  • //www.example.com - same as for "www.example.com" - both http and https would be allowed
  • http://www.example.com - same as for "www.example.com" except only for http, and not for https.
  • https://www.example.com - same as for "www.example.com" except only for https, and not for http.

The intention is to have the same behavior as for url property for each serviceUrl entry.
As well as be consistent with the "service proxies" in ArcGIS Online.

It differs from AGO in:

  • that for AGO you need to specify both http and https, while with resource proxy you can specify neither protocol (or use generic //).
  • that for AGO it sort of adds a wildcard, i.e. you can't lock it down to not support subfolders.

Feedback? Cc: @afili @jgravois @guo7711 @esoekianto @phpmaps @cheetah90
@bsvensson bsvensson added this to the 1.1.0 milestone Aug 20, 2015
@bsvensson bsvensson mentioned this issue Aug 20, 2015
Merged
bsvensson added a commit that referenced this issue Aug 22, 2015
@bsvensson
Merge pull request #283 from cheetah90/php_allowreferer
6b1721e 
Implement the full PHP handling of allowedReferer (for #282)
This was referenced Aug 22, 2015
Closed
Merged
Merged
bsvensson added a commit that referenced this issue Aug 24, 2015
@bsvensson
Merge pull request #281 from cheetah90/jsp_allowreferer
f145c52 
JSP: Improve the versatile allowReferer handling (for #282)
bsvensson added a commit that referenced this issue Aug 24, 2015
@bsvensson
Merge pull request #285 from cheetah90/dotnet_allowedreferer
5f3382c 
DotNet handle of the allowedReferer (for #282)
@jgravois
Copy link
Contributor

jgravois commented Sep 1, 2015

lets tag a release!

@orlando67
Copy link

it should also be mentioned that the referer URL is case sensitive as well
TestSite != testsite

@thebasa thebasa mentioned this issue Apr 20, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.1.0
Development

No branches or pull requests
3 participants
@bsvensson @jgravois @orlando67