[Fixes #12253] Improvements to the proxy view

[giohappy]

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

• Confirm you have read the contribution guidelines
• You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
• Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

• There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is, changes not visible to end-users)
• The issue connected to the PR must have Labels and Milestone assigned
• PR for bug fixes and small new features are presented as a single commit
• Commit message must be in the form "[Fixes #<issue_number>] Title of the Issue"
• New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented
• This PR passes all existing unit tests (test results will be reported by travis-ci after opening this PR)
• This PR passes the QA checks: black geonode && flake8 geonode
• Commits changing the settings, UI, existing user workflows, or adding new functionality, need to include documentation updates
• Commits adding new texts do use gettext and have updated .po / .mo files (without location infos)

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

[codecov]

Codecov Report

Attention: Patch coverage is 95.28302% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 64.12%. Comparing base (0a76441) to head (7bd7467).
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #12254      +/-   ##
==========================================
+ Coverage   64.07%   64.12%   +0.04%     
==========================================
  Files         871      872       +1     
  Lines       52247    52306      +59     
  Branches     6487     6480       -7     
==========================================
+ Hits        33477    33540      +63     
- Misses      17274    17275       +1     
+ Partials     1496     1491       -5     

[ridoo]

@giohappy Does it make sense to allow hosts to be proxied, just because some paths or query parameters are allowed? Any unknown and perhaps bad URL (maybe from a user input) which contains an arbitrary needle (path or query does not matter here) would be allowed by the proxy. As an administrator, I would like to configure allowed hosts explicitly for which I know they should be allowed.

I see PROXY_ALLOWED_PARAMS_NEEDLES and PROXY_ALLOWED_PATH_NEEDLES are configurable, but these match for all hosts which are actually /not/ allowed.

IMO, servers which expose a Web API (e.g. OGC WMS) which is not CORS enabled (I guess, this is what this is all about) is not configured correctly. Not sure, if the operator wants all traffic to be routed through the GeoNode proxy. That would seem to me more as a quick and dirty workaround rather than a good productive configuration.

What do you think? Did I miss something?

[giohappy]

hi @ridoo I understand your concerns, and I agree that this solution is far from ideal.

This has been implemented to meet the logic that MS implements now. The client allows adding external layers to a map, and it implements the reverse logic compared to GeoNode: if the URLs are not listed inside a useCORS array (that GeoNode sets empty) they are automatically proxied. Basically it does what we're doing here.

If we do not support this, the catalog functionality that will be available since GeoNode 4.3.0 (thanks to a more extended integration with MS) won't work.
This is a functionality that many users wanted from MS, and this is why we are making this (temporary) move.
The final solution will be to make MS support the reverse logic, which is the one implemented by GeoNode until now: it should go straight to the origin server, unless stated differently (PROXY_ALLOWED_HOSTS).

BTW, the two settings (which will be set by the client) let administrators change this behavior.

[giohappy]

@ridoo The only alternative for now is to make the two settings an opt-in. However also the MS catalog plugin should be an opt-in in that case, otherwise, we will have a tool that will never work.

[ridoo]

Hey @giohappy, so this is more a (temporary) compatibility thing. Thanks for the background.

[giohappy]

Hey @giohappy, so this is more a (temporary) compatibility thing. Thanks for the background.

correct @ridoo.