[Geoserver-devel] Proxy Community Module

Hey all,

In order to simplify deployment of OpenLayers applications on top of
GeoServer, I would like to create a community module on trunk that
mimics the proxy.cgi script that is often used with OpenLayers.
Basically, this script accepts a URL as a query parameter and forwards
the request to another server, allowing OpenLayers applications to load
feature data and other resources from servers other than the one hosting
the application. The script would eventually allow for host-based and
mimetype-based filtering of proxied requests to help admins prevent
abuse.

If there are no objections I'd like to get this into SVN later today.

--
David Winslow
OpenGeo - http://opengeo.org/

No objections here. +1

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

No objections, but one curiosity. How is this better than the "www" folder provided in the data dir (that allows for static file publishing?)

Cheers
Andrea

--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.

The proxy is not for hosting the application itself, but allowing it to
circumvent the same-origin policy imposed on JavaScript applications by
web browsers (JavaScript applications cannot make HTTP requests to
domains other than the one hosting the page they run in). This is only
needed for OpenLayers applications that need to read XML data from
third-party servers.

For the curious, more on the same-origin policy:
http://en.wikipedia.org/wiki/Same_origin_policy

--
David Winslow
OpenGeo - http://opengeo.org/

On Tue, 2009-06-16 at 19:08 +0200, Andrea Aime wrote:

No objections, but one curiosity. How is this better than the "www"
folder provided in the data dir (that allows for static file publishing?)

Cheers
Andrea

Okay, a basic proxy restlet has hit trunk. I had to make a few
modifications to the rest module to get it to compile, but have not
committed these. A patch is attached if someone (jdeolive, maybe?)
would care to review. I guess I'll need to update the code anyway when
the changes from 1.7.x are ported forward anyway so perhaps it's not
that important that this compiles right now.

--
David Winslow
OpenGeo - http://opengeo.org/

On Tue, 2009-06-16 at 13:16 -0400, David Winslow wrote:

The proxy is not for hosting the application itself, but allowing it to
circumvent the same-origin policy imposed on JavaScript applications by
web browsers (JavaScript applications cannot make HTTP requests to
domains other than the one hosting the page they run in). This is only
needed for OpenLayers applications that need to read XML data from
third-party servers.

For the curious, more on the same-origin policy:
http://en.wikipedia.org/wiki/Same_origin_policy

--
David Winslow
OpenGeo - http://opengeo.org/

(attachments)

rest.patch (3.49 KB)

I am curious as to how these compile? I guess you had to add dependencies on all the service modules? On 1.7.x the W*SConfig classes were all in main, but in trunk the W*SInfo classes are in the respective service modules.

--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

That patch includes all the changes I needed to get things to compile in
eclipse and with maven. I guess the service modules get pulled through
some dependency?

--
David Winslow
OpenGeo - http://opengeo.org/

On Tue, 2009-06-16 at 14:16 -0600, Justin Deoliveira wrote:

I am curious as to how these compile? I guess you had to add
dependencies on all the service modules? On 1.7.x the W*SConfig classes
were all in main, but in trunk the W*SInfo classes are in the respective
service modules.

Hi,

I just skimmed through it, and maybe I am missing something. But it sounds and looks like by default it allows anyone to go anywhere?

I realize we will not be shipping this by default, but I don't think that's a good idea anyway. We should include a regex filter from the start (can be simple, set in an environment variable) and have the default configuration deny all requests. Otherwise we will be tempting spammers and script kiddies, and if you pay for excessive bandwidth it can get ugly quite fast.

-Arne

You're not missing anything, the proxy service I committed yesterday is
a completely open proxy (well, it only allows GET requests to anonymous
users, but that's more or less an accident with the default permissions
on restlet extensions). Alan will be starting work on regex whitelists
for hostname- and mimetype-based filtering later this week.

--
David Winslow
OpenGeo - http://opengeo.org/

On Wed, 2009-06-17 at 12:17 -0500, Arne Kepp wrote:

Hi,

I just skimmed through it, and maybe I am missing something. But it
sounds and looks like by default it allows anyone to go anywhere?

I realize we will not be shipping this by default, but I don't think
that's a good idea anyway. We should include a regex filter from the
start (can be simple, set in an environment variable) and have the
default configuration deny all requests. Otherwise we will be tempting
spammers and script kiddies, and if you pay for excessive bandwidth it
can get ugly quite fast.

-Arne

Cool :)

-Arne

--
Arne Kepp
OpenGeo - http://opengeo.org
Expert service straight from the developers
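
The default-deny regex filtering that Arne Kepp asks for and David Winslow describes as planned work, sketched as an added example (it is not code from the GeoServer proxy module or from anyone on the list). The environment variable names `PROXY_ALLOWED_HOSTS` and `PROXY_ALLOWED_MIMETYPES`, the function names and the sample hostnames are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlsplit

# Hypothetical variable names; each holds comma-separated regular expressions
# (so a pattern itself must not contain a comma).
HOSTS_ENV = "PROXY_ALLOWED_HOSTS"
MIMETYPES_ENV = "PROXY_ALLOWED_MIMETYPES"


def load_patterns(env_name, environ=os.environ):
    """Compile the regexes in one variable; unset or empty means no patterns,
    which makes every check below fail closed."""
    raw = environ.get(env_name, "")
    return [re.compile(p.strip(), re.IGNORECASE) for p in raw.split(",") if p.strip()]


def host_allowed(url, patterns):
    """True only for http(s) URLs whose hostname fully matches a pattern."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lower-cases the name
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # fullmatch, not search: a pattern for data.example.org must not also
    # accept data.example.org.other.test or notdata.example.org.
    return any(p.fullmatch(host) for p in patterns)


def mimetype_allowed(content_type, patterns):
    """Check the upstream Content-Type header, ignoring its parameters."""
    if not content_type:
        return False
    mimetype = content_type.split(";", 1)[0].strip().lower()
    return any(p.fullmatch(mimetype) for p in patterns)


def check_request(method, url, environ=os.environ):
    """Decide before connecting upstream: GET only, allowlisted host only."""
    if method != "GET":
        return (405, "method not allowed")
    if not host_allowed(url, load_patterns(HOSTS_ENV, environ)):
        return (403, "host not allowlisted")
    return (200, "forward")


def check_response(content_type, environ=os.environ):
    """Decide before relaying the upstream body back to the client."""
    if not mimetype_allowed(content_type, load_patterns(MIMETYPES_ENV, environ)):
        return (502, "upstream mimetype not allowlisted")
    return (200, "relay")
```

The host check runs before any upstream connection is made and the mimetype check runs on the upstream response, so a proxy using both needs to call them at those two points.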