On Fri, May 30, 2014 at 5:51 PM, Christian Mueller <
[email protected]> wrote:
> Hi Andrea
>
> Yes, security orientated. I prefer the white list, did you expect the
> opposite :-)
>
Not from you no, but here we have to think about what the average user
might want, not about our personal inclinations.
I'm good either way though, someone will get upset no matter if we
implement if one way or the other.
>
> The restriction is done at the service level. If there is a strong demand
> for finer granularity, we can add the functionality on a layer level later,
> using the service configuration as a default for all layers.
>
> About getFeatureInfo:
>
> At the moment it is possible to disable getFeatureInfo at all, so far so
> good. The code for this kind of request uses a default content type, no
> service exception is thrown.
> What should happen for a getFeatureInfo request if the content type is not
> allowed. Should we trigger a Service Exception or return nothing ?.
>
Service exception, if the mime type is not listed in the caps document, we
should ask as if it was not there
>
> If there is a demand for adding format restrictions for getFeatureInfo at
> the service level, this would be the best point of time to do it. Let me
> know.
>
Uh, it's a bit odd to have the limit just for GetMap, but when people ask
we can always answer "because the funds were limited to GetMap".
Just make it evident in the gui that the whitelist is for GetMap only
Cheers
Andrea
--
==
Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK
for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
