[mapserver-dev] OGC API Review Requested
Even Rouault
even.rouault at spatialys.com
Wed Jun 30 07:23:14 PDT 2021
Steve,
> I'm interested in what folks think about the Inja templating/includes
> issues detailed in the Security Considerations -> Template Handling
> section.
Templates are supposed to be under full control of the mapserver
administrator, and not users triggering the API, right ? So I'm not sure
what actual security issue there is.
>
> /*task:* add ows_contact* information to the landing page (from the
> associated values set in the mapfile)/
Probably done per
https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-9b6e48b47f13dba7ffabed64a2061ed7c8fe48c202ec1c7c5277b9cf95ecac86R26
and
https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-46e72d45fbe7adb5c2df20d7e4a963164b077f5505152841bdd6a2ce022ac42dR1166
> I don't think contact information is part of the core specification
> is it? I see pygeoapi does support it but is there a standard approach...
It is used for the /api end point and is optional.
Anyway, regarding other items in the wishlist, we should merge the
current work ASAP and deal with further changes as increments / tickets.
--
http://www.spatialys.com
My software is free, but my time generally not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20210630/7192cbf5/attachment.html>
More information about the mapserver-dev
mailing list