[ ] REST API to dynamically configure whitelists via HTTP requests, and improve the way certain whitelists are currently managed to make them more flexible (e.g. the request type whitelist). An auth provider interface should be provided for this (e.g. for MapStore, GeoNode)
[ ] Consider implementing CSRF protection to allow proxy requests only from specific web pages, leveraging the cross-site protection provided by browsers. A typical implementation generates a strong random CSRF token, which is embedded in the web page. The client application sends it back in an X-Requested-With (or any other custom) header. This takes advantage of the fact that custom headers are only sent based on CORS policies,
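
A sketch of the token check described in the CSRF item, added here as an illustration and not taken from the project's code. The function names, the `SERVER_KEY` handling and the HMAC binding of the token to a session id are assumptions that go beyond the "strong random token" the item mentions.

```python
import hashlib
import hmac
import secrets

HEADER = "X-Requested-With"  # custom header named in the item above

# Assumption: a per-deployment secret kept server-side; generated here for the demo.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    """HMAC-SHA256 over session id and nonce, so a token only works for its session."""
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token to embed in the served web page: random nonce plus its MAC."""
    nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, never contains "."
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def allow_proxy_request(headers: dict, session_id: str, key: bytes = SERVER_KEY) -> bool:
    """Accept a proxy request only if the custom header carries a valid token."""
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items() if k.lower() == HEADER.lower()), None)
    if not value or value.count(".") != 1:
        return False  # header missing, or not in nonce.mac form
    nonce, mac = value.split(".")
    expected = _mac(session_id, nonce, key)
    # Constant-time comparison; bytes operands so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    token = issue_token("sess-A")  # constructed session id
    print(allow_proxy_request({HEADER: token}, "sess-A"))
    print(allow_proxy_request({HEADER: "XMLHttpRequest"}, "sess-A"))
    print(allow_proxy_request({}, "sess-A"))
```

The proxy would reject any request for which `allow_proxy_request` returns `False` before forwarding it upstream.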