This repository was archived by the owner on Apr 26, 2023. It is now read-only.
This repository was archived by the owner on Apr 26, 2023. It is now read-only.
Improved support for allowedReferer #282
Description
All three proxies currently support allowedReferer, but with some variations. This is a proposal for standardising and adding some functionality to the allowedReferer property. See table below as well as the bullet points below it.
| allowedReferers | will exactly match... | will not match... |
|---|---|---|
| www.example.com | http://www.example.com | http://www.example.com/ |
| (as above) | https://www.example.com | http://www.example.net |
| (as above) | http://www.example.com/folder | |
| (as above) | http://deep.domain.example.com | |
| *.example.com | http://www.example.com | http://example.com |
| (as above) | https://www.example.com | http://deep.domain.example.com |
| 127.0.0.1 | http://127.0.0.1 | http://localhost |
| (as above) | http://127.0.0 | |
| (as above) | http://127.0.0.2 | |
| www.example.* | www.example.se | www.example.se.com |
| (as above) | www.example.com | |
| www.example.com/* | http://www.example.com/anything | |
| www.example.com/a | http://www.example.com/a | http://www.example.com/a/ |
| (as above) | http://www.example.com/ab | |
| www.example.com/a* | http://www.example.com/a | http://www.example.com/b |
| (as above) | http://www.example.com/ab.html |
- //www.example.com - same as for "www.example.com" - both http and https would be allowed
- http://www.example.com - same as for "www.example.com" except only for http, and not for https.
- https://www.example.com - same as for "www.example.com" except only for https, and not for http.
The intention is to have the same behavior as for url property for each serviceUrl entry.
As well as be consistent with the "service proxies" in ArcGIS Online.
It differs from AGO in:
- that for AGO you need to specify both http and https, while with resource proxy you can specify neither protocol (or use generic //).
- that for AGO it sort of adds a wildcard, i.e. you can't lock it down to not support subfolders.
Feedback? Cc: @afili @jgravois @guo7711 @esoekianto @phpmaps @cheetah90