[mapserver-dev] OGC API Review Requested
Steve Lime
sdlime at gmail.com
Wed Jun 30 10:56:29 PDT 2021
One thing to note is that it would be good to test the OGC API stuff with
IIS and with FastCGI. I don't know of any reason why FastCGI would be
problematic, but I thought I read somewhere that PATH_INFO is handled
differently with IIS.
On Wed, Jun 30, 2021 at 12:48 PM Steve Lime <sdlime at gmail.com> wrote:
> On Wed, Jun 30, 2021 at 9:23 AM Even Rouault <even.rouault at spatialys.com>
> wrote:
>
>> Steve,
>>
>> I'm interested in what folks think about the Inja templating/includes
>> issues detailed in the Security Considerations -> Template Handling section.
>>
>> Templates are supposed to be under full control of the mapserver
>> administrator, and not users triggering the API, right ? So I'm not sure
>> what actual security issue there is.
>>
>
> Correct, the location is defined by environment variable or metadata
> element. Just worth noting I guess.
>
>> *task: add ows_contact* information to the landing page (from the
>> associated values set in the mapfile)*
>>
>> Probably done per
>> https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-9b6e48b47f13dba7ffabed64a2061ed7c8fe48c202ec1c7c5277b9cf95ecac86R26
>> and
>> https://github.com/MapServer/MapServer/pull/6180/commits/246e52e9884c0d83373c21afb0d45d3b9850b1dd#diff-46e72d45fbe7adb5c2df20d7e4a963164b077f5505152841bdd6a2ce022ac42dR1166
>>
>> I don't think contact information is part of the core specification
>> is it? I see pygeoapi does support it but is there a standard approach...
>>
>> It is used for the /api end point and is optional.
>>
> The templates basically render the JSON response you'd normally get. The
> landing JSON response doesn't have that contact info so we'd have to add it
> when f=html. If we moved the code to generate the contact info (
> https://github.com/sdlime/mapserver/blob/6ee5185d0a9ed1e4186ecc303b1fa4c0394e36ca/mapogcapi.cpp#L1305)
> into its own function then it could used in both instances.
>
>> Anyway, regarding other items in the wishlist, we should merge the
>> current work ASAP and deal with further changes as increments / tickets.
>>
> Agreed. I'd like to call for a vote on RFC 134 and will start with a +1.
>
>> --
>>
>> http://www.spatialys.com
>> My software is free, but my time generally not.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20210630/2e8cc646/attachment.html>
More information about the mapserver-dev
mailing list