Comments (9)
@jgravois @afili can you look at this one?
from resource-proxy.
this is how java handles it,
public static boolean isUrlPrefixMatch(String prefix,String uri){
return uri.toLowerCase().startsWith(prefix.toLowerCase()) ||
uri.toLowerCase().replace("https://","http://").startsWith(prefix.toLowerCase()) ||
uri.toLowerCase().substring(uri.indexOf("//")).startsWith(prefix.toLowerCase());
}
then call isUrlPrefixMatch(su.getUrl(), uri) in getConfigServerUrl() function
we can just implement the same in .NET
from resource-proxy.
based on changes yesterday, whether or not 'http' or 'https' is specified in the proxy.config, a request to the resource using either protocol will be forwarded.
we don't appropriately handle if someone just uses '//server.com'.
it seems to me like it would make more sense for someone who wants to block requests with a particular protocol on a server to handle that in the server configuration itself (rather than via proxy security) so we might just leave the current behavior as is and document it. its definitely sufficient for the 1.0 release anyway.
from resource-proxy.
@jgravois I think the issue is that both php and java already support this so ideally we'd like it to work the same in .NET. Do you think its a common use case that someone would to block request w with a particular protocol? I haven't run into anyone asking for that functionality - but perhaps its come up before?
from resource-proxy.
i agree that consistency is king, but i have never heard of someone expecting/wanting the proxy to block the alternate protocol, only cases where they ran into trouble because both weren't allowed.
from resource-proxy.
@jgravois This comes in handy for some arcgisonline url's where it get switched from http to https automatically (and proxy would fail unless you set up both). It would be somewhat similar in principle to protocol relative URL as described in http://www.paulirish.com/2010/the-protocol-relative-url/
http://example.com - support http only
https://example.com - support https only
//example.com - support both http and https.
from resource-proxy.
my preference/opinion is that the current behavior of the .NET proxy (in which specifying either 'http' or 'https' in proxy.config allows users to proxy both protocols) is best because it doesn't require people to specify a protocol relative URL to avoid the kinds of problem Bjorn is referring to.
that being said, @afili and i are happy to rewrite the logic so that only specifying '//example.com' allows for proxying both. it shouldn't be hard.
from resource-proxy.
java is now following .NET, so if this really need to be addressed, we can come up with something
from resource-proxy.
merged .NET fix is 5421505 safe to close.
from resource-proxy.
Related Issues (20)
- The proxy server application .Net version does not work for ArcGIS server 10.61 HOT 9
- The proxy server application php version does not work with php version 7 and higher HOT 4
- Getting Invalid token error when trying to access ArcGIS World Geocoding Service on non-public Web Map HOT 2
- Proxy Not Renewing Token HOT 8
- Problema con proxy DotNet HOT 2
- wildcard in allowedReferer not working HOT 2
- 304 Not modified errors created in log files for all request. HOT 5
- PHP7 ErrorException count(): Parameter must be an array or an object that implements Countable HOT 2
- Proxy has not been set up for this URL HOT 5
- _legends information lost on secured services HOT 2
- The dotnet version has an unused variable
- Multiple Accounts HOT 3
- time to archive? HOT 1
- Mention NGINX as an alternative in README HOT 3
- preliminary calls not using proxy HOT 5
- How to use esri-resource-proxy in an application running on a different port? HOT 4
- Impossible de créer un canal sécurisé SSL/TLS
- How to install the PHP proxy on EC2 (Amazon Linux 2) HOT 1
- PHP Proxy Doesn't work HOT 1
- Directory Traversal Vulnerability HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from resource-proxy.