OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss-x message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [dss-x] Re: CORS settings on OASIS specs

Hi Chet,

that look like a simple solution for us!

Greetings,

Andreas
> Hi Andreas,
>
> Jesse, our IT contact, recommends that we just enable CORS for all of
> docs.oasis-open.org. That should eliminate the need for you to explicitly
> set them for your schemas. I'll let you know as soon as we have a final
> disposition.
>
> /chet
>
> On Mon, Aug 5, 2019 at 2:51 PM Andreas Kuehne <kuehne@trustable.de> wrote:
>
>> Hi Chet,
>>
>> yes, I guess we need a CORS Header at least for the
>> oasis-dss-core-openapi.json and oasis-dss-metadata-openapi.json. But it
>> could be absolutely possible that other files (XML schemes) could be
>> accessed by a browser based application. Does OASIS has a policy for
>> handling Cross-Site-Requests? We don't want to introduce an security
>> holes or inconveniences for the administrators.
>>
>> Greetings,
>>
>> Andreas
>>> Andreas, I don't fully understand your question.
>>>
>>> If it is whether or not you all can add a CORS header to some of your
>>> files, then yes, certainly, you can do so.
>>>
>>> If it whether or not I can add a CORS header, then my question is 'what
>> do
>>> you need me to do and where do you need it done?'
>>>
>>>
>>>
>>> On Sun, Aug 4, 2019 at 9:22 AM Andreas Kuehne <kuehne@trustable.de>
>> wrote:
>>>> Hi Chet,
>>>>
>>>>
>>>> yet another question:
>>>>
>>>> What's the OASIS policy on CORS header? I just came across this topic
>>>> when trying to open OAS-Spec od the DSS-X core 2.0 . The request to open
>>>>
>>>>
>>>>
>> https://docs.oasis-open.org/dss-x/dss-core/v2.0/cs01/schema/oasis-dss-core-openapi.json
>>>> on
>>>>
>>>> https://editor.swagger.io
>>>>
>>>> fails without any hint. There should be some information for the user.,
>>>> but that's not our responsibility. After opening the browser I learned
>>>> that the cause is a missing CORS header enabling the browser to access
>>>> the DSS-X core spec in a cross-domain manner.
>>>>
>>>> Would it be possible to add the corresponding header?
>>>>
>>>>
>>>> Greetings,
>>>>
>>>>
>>>> Andreas
>>>>
>>>>
>>>> --
>>>> Andreas KÃhne
>>>>
>>>> Chair of OASIS DSS-X
>>>>
>>>> phone: +49 177 293 24 97
>>>> mailto: kuehne@trustable.de
>>>>
>>>> Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659
>>>> Hannover Amtsgericht Hannover HRB 212612
>>>>
>>>> Director Andreas KÃhne
>>>>
>>>> Company UK Company No: 5218868 Registered in England and Wales
>>>>
>>>>
>>>>
>> --
>> Andreas KÃhne
>>
>> Chair of OASIS DSS-X
>>
>> phone: +49 177 293 24 97
>> mailto: kuehne@trustable.de
>>
>> Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659
>> Hannover Amtsgericht Hannover HRB 212612
>>
>> Director Andreas KÃhne
>>
>> Company UK Company No: 5218868 Registered in England and Wales
>>
>>
>>

-- 
Andreas KÃhne 

Chair of OASIS DSS-X
 
phone: +49 177 293 24 97 
mailto: kuehne@trustable.de

Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612

Director Andreas KÃhne

Company UK Company No: 5218868 Registered in England and Wales

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]