Description

The way the http-proxy is used in the application need to be changed and improved to guarantee more automation, better flexibility and exempting also users from interacting with certain concepts CORS related.

At the moment, the application proxy is used by default for all Ajax requests cross domain. If the requested base URL is specified in the useCORS configuration, then MS assumes that CORS headers are enabled and allowed for the origin and the proxy is not used automatically.

There are also different behaviors on how layers tile requests are performed based on the mapping library, e.g.:

• OpenLayers by default doesn't use the proxy for loading layer tiles
• Cesium by default configures the proxy based on the global proxyUrl property in localConfig.json

With this issue it is requested to change the current behavior to not use the proxy by default (1) and let the MS application to automatically establish when the use of the proxy is necessary through a proper logic depending on the request.

Acceptance criteria

• A preflight request should be performed (e.g simply checking the useCORS first and performing an test request early after if necessary) to check if CORS are enabled and allowed. This could happen for example when a catalog source is created or updated but other valid solutions are also accepted
• Basically, where necessary, the proxy should be automatically used for all requests the application needs to perform (e.g. Ajax requests) if CORS are not allowed. The MS logic should be anyway enough robust and smart to understand if under certain special conditions the proxy is necessary (even if CORS are allowed, for example) such as:
  • To prevent mixed contents when HTTP resources are requested under HTTPs (the proxy is needed anyway). A message should be also notified to the user in catalog tool when a source is added/saved by saying something like:
    The specified URL is not secure as it uses HTTP. An URL using HTTPs protocol should be provided. Using HTTP, requests will be handled automatically to prevent browser security issues by passing through the proxy.
  • To load OL layer tiles in map according to the source type (OL doesn't need tile URLs passing through the proxy for WMS GetMap requests, for example, even if CORS are not allowed)
• The Force proxy (Layer Settings) and the Allow not secure layers (Catalog tool for WMS/WFS sources) are no longer needed and the logic can be removed
• The requested default overall behavior (1) should be coherent for all source types supported (WMS, WFS, WMTS, TMS, ArcGIS, IFC and 3D Tiles) as well as mapping libraries (OL, Leaflet and Cesium)

Other useful information

As a consequence of this implementation the PR #10474 and the connected issue become out of date and can be closed with a comment.