Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to specify use of proxy or cors at layer level #10505

Closed
6 tasks done
allyoucanmap opened this issue Aug 7, 2024 · 0 comments · Fixed by #10526
Closed
6 tasks done

Allow to specify use of proxy or cors at layer level #10505

allyoucanmap opened this issue Aug 7, 2024 · 0 comments · Fixed by #10526
Assignees
@rowheat02 @ElenaGallo
Labels
Accepted enhancement geonode_integration Internal
Milestone
2025.01.00

Comments

@allyoucanmap
Copy link
Contributor

allyoucanmap commented Aug 7, 2024
edited by rowheat02
Loading

Description

The way the http-proxy is used in the application need to be changed and improved to guarantee more automation, better flexibility and exempting also users from interacting with certain concepts CORS related.

At the moment, the application proxy is used by default for all Ajax requests cross domain. If the requested base URL is specified in the useCORS configuration, then MS assumes that CORS headers are enabled and allowed for the origin and the proxy is not used automatically.

There are also different behaviors on how layers tile requests are performed based on the mapping library, e.g.:

  • OpenLayers by default doesn't use the proxy for loading layer tiles
  • Cesium by default configures the proxy based on the global proxyUrl property in localConfig.json

With this issue it is requested to change the current behavior to not use the proxy by default (1) and let the MS application to automatically establish when the use of the proxy is necessary through a proper logic depending on the request.

Acceptance criteria

  • A preflight request should be performed (e.g simply checking the useCORS first and performing an test request early after if necessary) to check if CORS are enabled and allowed. This could happen for example when a catalog source is created or updated but other valid solutions are also accepted
  • Basically, where necessary, the proxy should be automatically used for all requests the application needs to perform (e.g. Ajax requests) if CORS are not allowed. The MS logic should be anyway enough robust and smart to understand if under certain special conditions the proxy is necessary (even if CORS are allowed, for example) such as:
    • To prevent mixed contents when HTTP resources are requested under HTTPs (the proxy is needed anyway). A message should be also notified to the user in catalog tool when a source is added/saved by saying something like:
      The specified URL is not secure as it uses HTTP. An URL using HTTPs protocol should be provided. Using HTTP, requests will be handled automatically to prevent browser security issues by passing through the proxy.
    • To load OL layer tiles in map according to the source type (OL doesn't need tile URLs passing through the proxy for WMS GetMap requests, for example, even if CORS are not allowed)
  • The Force proxy (Layer Settings) and the Allow not secure layers (Catalog tool for WMS/WFS sources) are no longer needed and the logic can be removed
  • The requested default overall behavior (1) should be coherent for all source types supported (WMS, WFS, WMTS, TMS, ArcGIS, IFC and 3D Tiles) as well as mapping libraries (OL, Leaflet and Cesium)

Other useful information

As a consequence of this implementation the PR #10474 and the connected issue become out of date and can be closed with a comment.
@allyoucanmap allyoucanmap added this to the 2024.02.00 milestone Aug 7, 2024
@tdipisa tdipisa assigned rowheat02 and unassigned allyoucanmap Aug 20, 2024
@tdipisa tdipisa linked a pull request Sep 2, 2024 that will close this issue
fix #10505 Allow to specify use of proxy or cors at layer level #10526
Merged
12 tasks
@tdipisa tdipisa modified the milestones: 2024.02.00, 2025.01.00 Sep 6, 2024
@rowheat02 rowheat02 mentioned this issue Sep 25, 2024
Merged
12 tasks
@ElenaGallo ElenaGallo self-assigned this Oct 10, 2024
jnewmoyer pushed a commit to ngsllc/MapStore2 that referenced this issue Oct 17, 2024
@rmelarab-ngs @github-actions
@dependabot @offtherailz @landryb @rowheat02 @allyoucanmap @mahmoudadel54 @MV88
Sync Fork Updates -10.17.24 (#11)
a9e0072 
* Update Changelog for version 2024.02.00 (geosolutions-it#10602)

Co-authored-by: github-actions <[email protected]>

* Bump commons-io:commons-io from 2.7 to 2.14.0 (geosolutions-it#10593)

* Removed react-confirm-button unused dependency (geosolutions-it#10495)

* Update release_steps.md (geosolutions-it#10568)

* Remove istambul loader (geosolutions-it#10491)

* Attempt to remove instambul loader

* removed also package dependency

* Apply suggestions from code review

clean

* Remove jsonpath (geosolutions-it#10494)

jsonpath is not needed. It is a dependency of geosolutions-it/patcher actually.
Having this dependency here is only confusing for dependency analyisis

* Fix geosolutions-it#10595 add missing 'FORMAT' parameter to WMTS GetFeatureInfo requests (geosolutions-it#10596)

* add missing 'FORMAT' parameter to WMTS GetFeatureInfo requests

this is required by the WMTS spec to be the same format as would
be used for a GetTile request, and this allows GFI requests to
succeed on https://data.geopf.fr/wmts.

* fix mapinfo wmts utils test

* Fix geosolutions-it#10505 Allow to specify use of proxy or cors at layer level (geosolutions-it#10526)

* fix: remove ui element for force proxy and Allow not secure layers

* fix: ajax logic changed, autoDetectCORS is set to true by default

* new central CORS util file created and used in ajax

* checking CORS before adding in common layer file

* null check on getProxyUrl

* updated individual layer considring to use proxy if needed

* avoid proxy cache to update if response is not okey

* enable user to add http url, show warning instead of error, warning text updated

* test cases updated

* fix: resolve conflicts with url check

* fixed the failed test

* review cesium layers

* include add method in model layer

* improve http check for openlayers wms layer

* fix tests

---------

Co-authored-by: allyoucanmap <[email protected]>

* Update openId.md (geosolutions-it#10610)

* Bump spring-security version to 5.7.12 (fixes geosolutions-it#10611) (geosolutions-it#10612)

somehow something in the build already drags this version, and we
end up with two conflicting versions of spring-security in the war
which results in at least failure to authenticate with basic auth.

* Visibility limits - The resolution option is not retained as Limits type geosolutions-it#10391 (geosolutions-it#10598)

* Add lib check release step (geosolutions-it#10614)

* geosolutions-it#4675 Remove unused code (geosolutions-it#10442)

* geosolutions-it#4675 Remove unused code

* remove additional code from review

* fix tests folder

* remove additional unused files

* geosolutions-it#10545: Option to disable identify popup in case of no results (geosolutions-it#10557)

* geosolutions-it#10545: Option to disable identify popup in case of no results
Description:
- handle adding an option called 'hidePopupIfNoResults' to hide the identify popup
- add unit tests
- add jsdoc

* geosolutions-it#10545: Option to disable identify popup in case of no results
Description:
- revert changes in popupSupport files for ol and leaflet + related tests files
- handle hide popup for map viewer with css for openlayers and leaflet approach
- add unit tests
- edit map-popup.less file to handle hide the popup

* geosolutions-it#10545: revert unnecessary changes

* Fix geosolutions-it#10615 removed eval from marker utils (geosolutions-it#10616)

* geosolutions-it#10545: remove marker in case no results + hover identify mode active and hideEmptyPopupOption with true (geosolutions-it#10619)

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lorenzo Natali <[email protected]>
Co-authored-by: Landry Breuil <[email protected]>
Co-authored-by: RowHeat <[email protected]>
Co-authored-by: allyoucanmap <[email protected]>
Co-authored-by: mahmoud adel <[email protected]>
Co-authored-by: Matteo V. <[email protected]>
offtherailz pushed a commit that referenced this issue Oct 18, 2024
@rowheat02 @allyoucanmap @offtherailz
Fix #10505 Allow to specify use of proxy or cors at layer level (#10526)
2b9ae20 
* fix: remove ui element for force proxy and Allow not secure layers

* fix: ajax logic changed, autoDetectCORS is set to true by default

* new central CORS util file created and used in ajax

* checking CORS before adding in common layer file

* null check on getProxyUrl

* updated individual layer considring to use proxy if needed

* avoid proxy cache to update if response is not okey

* enable user to add http url, show warning instead of error, warning text updated

* test cases updated

* fix: resolve conflicts with url check

* fixed the failed test

* review cesium layers

* include add method in model layer

* improve http check for openlayers wms layer

* fix tests

---------

Co-authored-by: allyoucanmap <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rowheat02 rowheat02

@ElenaGallo ElenaGallo

Labels
Accepted enhancement geonode_integration Internal
Projects
None yet
Milestone
2025.01.00
Development

Successfully merging a pull request may close this issue.

fix #10505 Allow to specify use of proxy or cors at layer level rowheat02/MapStore2
4 participants
@tdipisa @allyoucanmap @rowheat02 @ElenaGallo