OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: CORS settings on OASIS specs

I'll check and reply back. Need to check with Scott and IT.Â

On Mon, Aug 5, 2019 at 2:51 PM Andreas Kuehne <kuehne@trustable.de> wrote:
Hi Chet,

yes, I guess we need a CORS Header at least for the
oasis-dss-core-openapi.json and oasis-dss-metadata-openapi.json. But it
could be absolutely possible that other files (XML schemes) could be
accessed by a browser based application. Does OASIS has a policy for
handling Cross-Site-Requests? We don't want to introduce an security
holes or inconveniences for the administrators.

Greetings,

Andreas
> Andreas, I don't fully understand your question.
>
> If it is whether or not you all can add a CORS header to some of your
> files, then yes, certainly, you can do so.
>
> If it whether or not I can add a CORS header, then my question is 'what do
> you need me to do and where do you need it done?'
>
>
>
> On Sun, Aug 4, 2019 at 9:22 AM Andreas Kuehne <kuehne@trustable.de> wrote:
>
>> Hi Chet,
>>
>>
>> yet another question:
>>
>> What's the OASIS policy on CORS header? I just came across this topic
>> when trying to open OAS-Spec od the DSS-X core 2.0 . The request to open
>>
>>
>> https://docs.oasis-open.org/dss-x/dss-core/v2.0/cs01/schema/oasis-dss-core-openapi.json
>>
>> on
>>
>> https://editor.swagger.io
>>
>> fails without any hint. There should be some information for the user.,
>> but that's not our responsibility. After opening the browser I learned
>> that the cause is a missing CORS header enabling the browser to access
>> the DSS-X core spec in a cross-domain manner.
>>
>> Would it be possible to add the corresponding header?
>>
>>
>> Greetings,
>>
>>
>> Andreas
>>
>>
>> --
>> Andreas KÃhne
>>
>> Chair of OASIS DSS-X
>>
>> phone: +49 177 293 24 97
>> mailto: kuehne@trustable.de
>>
>> Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659
>> Hannover Amtsgericht Hannover HRB 212612
>>
>> Director Andreas KÃhne
>>
>> Company UK Company No: 5218868 Registered in England and Wales
>>
>>
>>

--
Andreas KÃhne

Chair of OASIS DSS-X

phone: +49 177 293 24 97
mailto: kuehne@trustable.de

Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612

Director Andreas KÃhne

Company UK Company No: 5218868 Registered in England and Wales




--

/chetÂ
----------------
Chet Ensign
Chief Technical Community Steward
OASIS: Advancing open standards for the information society
http://www.oasis-open.org

Mobile: +1 201-341-1393Â

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]