GSA / datagov-wptheme

Data.gov WordPress Theme (obsolete)
https://www.data.gov

Data.gov CSW over HTTPS, changes needed on the GetCapabilities and GetRecords on some of the http URLs #763

Closed kvuppala closed 7 years ago

kvuppala commented 7 years ago

Issue reported by ESRI.

One of our users at BLM has reported some recent issues doing federated searches from our Geoportal Server to Data.gov via CSW. We noticed the http URL we used before is now being redirected to https (assuming as part of implementing the HTTPS-Only Standard, https://https.cio.gov/).

Realizing this is not going to be applied across the board overnight, is it possible to update the GetCapabilities response to include https URLs for the various OGC CSW operations? I think the mix of https for GetCapabilities and http for GetRecords (that would then be redirected) is throwing us off.

https://catalog.data.gov/csw-all?request=GetCapabilities&service=CSW&version=2.0.2

Apart from this, individual records still contain many http links, like this one: https://catalog.data.gov/csw?service=CSW&request=GetRecordById&version=2.0.2&ElementSetName=full&outputschema=http%3A%2F%2Fwww.isotc211.org%2F2005%2Fgmd&ID=5c07fea3-f97a-4f9d-8a80-50f23a3cb0cb

This will start breaking clients when those also switch to HTTPS-only.

Is there an active campaign from Data.gov to the individual agencies to promote switching? Or elsewhere?

Please let me know if you can help with resolving this issue for BLM (and others who have enjoyed searching Data.gov from their own clients).

kvuppala commented 7 years ago

This was addressed a few weeks ago:

We have updated the http URLs on the getCapabilities request for csw-all and csw. https://catalog.data.gov/csw-all?request=GetCapabilities&service=CSW&version=2.0.2

On the individual records, the URLs are applied during the record transformation. We will plan to review and upgrade the necessary configuration in the next two weeks; however, the changes won’t be immediate as it will require the entire to be re-indexed in the pycsw database. It looks like the NOAA site also has HSTS incorporated; if the client APIs are implemented to work with the redirected URL, it should be fine.
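
Added example, not part of the original thread or the Data.gov code: a check that lists every operation endpoint a CSW 2.0.2 GetCapabilities document advertises over anything other than https, which is the mixed http/https condition reported above. The sample document and the `catalog.example.org` host are constructed for illustration; the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# CSW 2.0.2 capabilities use the OWS 1.0.0 namespace for OperationsMetadata.
NS = {"ows": "http://www.opengis.net/ows"}
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Constructed sample (not a real Data.gov response): GetCapabilities is
# advertised over https while GetRecords still points at http.
SAMPLE = """<csw:Capabilities xmlns:csw="http://www.opengis.net/cat/csw/2.0.2"
    xmlns:ows="http://www.opengis.net/ows"
    xmlns:xlink="http://www.w3.org/1999/xlink" version="2.0.2">
  <ows:OperationsMetadata>
    <ows:Operation name="GetCapabilities">
      <ows:DCP><ows:HTTP>
        <ows:Get xlink:href="https://catalog.example.org/csw"/>
      </ows:HTTP></ows:DCP>
    </ows:Operation>
    <ows:Operation name="GetRecords">
      <ows:DCP><ows:HTTP>
        <ows:Get xlink:href="http://catalog.example.org/csw"/>
        <ows:Post xlink:href="http://catalog.example.org/csw"/>
      </ows:HTTP></ows:DCP>
    </ows:Operation>
  </ows:OperationsMetadata>
</csw:Capabilities>"""


def non_https_endpoints(capabilities_xml):
    """Return (operation, method, href) for each advertised endpoint
    whose URL scheme is not https. A missing href is reported too."""
    # Stdlib parser for brevity; for responses fetched from a remote
    # catalog, a hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(capabilities_xml)
    findings = []
    for op in root.iterfind(".//ows:Operation", NS):
        for binding in op.iterfind("ows:DCP/ows:HTTP/*", NS):
            href = binding.get(XLINK_HREF, "")
            if urlsplit(href).scheme.lower() != "https":
                method = binding.tag.rsplit("}", 1)[-1]  # strip namespace
                findings.append((op.get("name"), method, href))
    return findings


if __name__ == "__main__":
    for name, method, href in non_https_endpoints(SAMPLE):
        print(f"{name} {method}: {href}")
```
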