search

tangrams / tangram

WebGL map rendering engine for creative cartography
https://tangram.city
MIT License
2.22k stars 290 forks source link

Data sources can specify optional request headers #670

Closed bcamper closed 6 years ago

bcamper commented 6 years ago

Following up on #668: to enable cases where a client would like to send additional, custom HTTP headers with each tile request.

A data source can specify key/value pairs for header names/values, with the request_headers parameter. For example, if the tile backend is authorized with and OAuth token:

sources:
    tiles:
        type: TopoJSON
        url: ...
        request_headers:
            Authorization: Bearer XXXXXX

While request_headers can be specified statically in the scene file, it's more likely they would be added programmatically at run-time (they could either be added after a scene load event, or by directly modifying scene.config and calling scene.updateConfig()). They would also generally be expected to be used with custom tile sources.

CORS

If the tile source is being made via CORS requests (the tile source's origin is different from the origin the the web page was loaded from), then adding custom request_headers will cause an additional "preflight" OPTIONS request for each tile (before the GET request for tile data). This extra request is required so that the client can verify that the server will accept the desired headers, which the server must authorize with the Access-Control-Allow-Headers header. See more info on CORS preflight requests.

pakore commented 6 years ago

This is awesome! Thanks a lot.

bcamper commented 6 years ago

@matteblair @tallytalwar are you good with this from a future ES perspective? (Should follow the syntax suggested by @matteblair.)

matteblair commented 6 years ago

Yeah I don't see any problems implementing this in Tangram ES :+1: