l00mi
commented
1 year ago Check if customers can add "mod-headers" or similar.
Open l00mi opened 2 years ago
l00mi
commented
1 year ago Check if customers can add "mod-headers" or similar.
MartinaElsawy
commented
1 year ago very complex to implement and security risky
MartinaElsawy
commented
1 year ago agreed to not being in favor to have it as long as we do not have a customer who really asks for it and will pay for it since risky and big effort
MartinaElsawy
commented
1 year ago at least 2 days estimate, hard to estimate for now
l00mi
commented
10 months ago @ludovicm67 what is the security risk mentioned here? It is clear that it needs to be a closed list of possible environemnts.
ludovicm67
commented
10 months ago I will see in the future if I can tacke this in the sparql-proxy directly.
ktk
commented
4 months ago @ludovicm67 does that still make sense with the fixing of de-referencing for TEST & co?
ludovicm67
commented
4 months ago It can still be an option, as for example we can also decide to use the cached endpoint instead of the live one, and so on. But I will mark it explicitly as low priority for now.
For development often multiple Environments are set-up. (E.g. Production, Integration, Testing). To be able to dereference on the final (normally production) namespace, but still use the other environments it is very use full to specify the environment with a HTTP Header, similar to the content-negotiation. There is no current HTTP Header specified sofar but we see at least Response Headers like "X-Environment" in the wild: https://webtechsurvey.com/common-response-headers.
Proposition, allow to set-up multiple SPARQL endpoints with environment names.
Listen on "X-Environment" Request Header and switch accordingly the SPARQL endpoint to the listed in the set-up. If the name is unknown, there is a fallback to the production (without a name) environment.
Alternatively, a URI Parameter can be offered for the same functionality.