gamache / hyperresource

A self-inflating Ruby client for hypermedia APIs. Not under active development.
http://hyperresource.com/doc
MIT License

Add support for offsite links #24

Closed by gamache 10 years ago

gamache commented 10 years ago

In theory, HyperResource should be able to work with APIs that refer to URLs originating on a different server. In practice, this opens up a class of security problems that could result from sharing headers, etc. among the various servers.

I don't have a clear idea how to solve this most elegantly, but I recognize that this needs to be handled. A single-origin policy should be in place at minimum, but I would rather provide a richer set of controls around authentication to different servers.

gamache commented 10 years ago

0.9 takes care of this with hostmask-scoped configs. Neato!
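
The header-sharing risk discussed in this issue, and one way to scope headers by hostmask, shown as an added example. This is not HyperResource's code or API: `ScopedHeaders`, `headers_for`, the mask precedence rule and the sample hosts and token are all hypothetical.

```ruby
require 'uri'

# Hypothetical helper (not HyperResource's API): chooses request headers for a
# link target by matching the target's host against glob-style hostmasks.
class ScopedHeaders
  def initialize(scopes)
    # Assumed precedence: fewer wildcards first, then longer masks.
    @scopes = scopes.sort_by { |mask, _| [mask.count('*'), -mask.length] }
  end

  # Returns a copy of the headers scoped to url's host, or {} when no mask
  # matches, so credentials are never sent to an unlisted server by default.
  def headers_for(url)
    uri = URI.parse(url)
    return {} unless uri.is_a?(URI::HTTP) && uri.host # http/https only
    host = uri.host.downcase
    _, headers = @scopes.find { |mask, _| mask_match?(mask, host) }
    headers ? headers.dup : {}
  rescue URI::InvalidURIError
    {}
  end

  private

  def mask_match?(mask, host)
    # Escape the mask, then turn "*" into a hostname-character run. \A and \z
    # anchor the whole host, so "api.example.com.evil.test" cannot match.
    pattern = Regexp.escape(mask.downcase).gsub('\*', '[a-z0-9.-]*')
    /\A#{pattern}\z/.match?(host)
  end
end

# Constructed sample configuration and link targets.
SCOPES = {
  '*.example.com'   => { 'Authorization' => 'Bearer CONSTRUCTED-TOKEN' },
  'cdn.example.com' => { 'Accept' => 'image/*' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  scoped = ScopedHeaders.new(SCOPES)
  %w[https://api.example.com/users/1 https://cdn.example.com/logo.png
     https://api.example.com.evil.test/x https://api.example.com@evil.test/x
  ].each { |url| puts "#{url} -> #{scoped.headers_for(url).keys.inspect}" }
end
```

The match is made on the parsed host rather than the raw URL string, so a lookalike suffix or a userinfo prefix in a link returned by the API does not pick up the `Authorization` header.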