[mapserver-dev] OGC API Review Requested
Steve Lime
sdlime at gmail.com
Wed Jun 30 10:48:18 PDT 2021
On Wed, Jun 30, 2021 at 9:23 AM Even Rouault <even.rouault at spatialys.com>
wrote:
> Steve,
>
> I'm interested in what folks think about the Inja templating/includes
> issues detailed in the Security Considerations -> Template Handling section.
>
> Templates are supposed to be under full control of the mapserver
> administrator, and not users triggering the API, right ? So I'm not sure
> what actual security issue there is.
>
Correct, the location is defined by environment variable or metadata
element. Just worth noting I guess.
> *task: add ows_contact* information to the landing page (from the
> associated values set in the mapfile)*
>
> Probably done per
> https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-9b6e48b47f13dba7ffabed64a2061ed7c8fe48c202ec1c7c5277b9cf95ecac86R26
> and
> https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-46e72d45fbe7adb5c2df20d7e4a963164b077f5505152841bdd6a2ce022ac42dR1166
>
> I don't think contact information is part of the core specification is it?
> I see pygeoapi does support it but is there a standard approach...
>
> It is used for the /api end point and is optional.
>
The templates basically render the JSON response you'd normally get. The
landing JSON response doesn't have that contact info so we'd have to add it
when f=html. If we moved the code to generate the contact info (
https://github.com/sdlime/mapserver/blob/6ee5185d0a9ed1e4186ecc303b1fa4c0394e36ca/mapogcapi.cpp#L1305)
into its own function then it could used in both instances.
> Anyway, regarding other items in the wishlist, we should merge the current
> work ASAP and deal with further changes as increments / tickets.
>
Agreed. I'd like to call for a vote on RFC 134 and will start with a +1.
> --
>
> http://www.spatialys.com
> My software is free, but my time generally not.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20210630/34a2665f/attachment.html>
More information about the mapserver-dev
mailing list