Comments (8)
reverted commit. Problem:
- Basic authentication via ajax requests works when request is send with with the 'withCredentials' flag
- The browser throws an error when the domain is cors-enabled using a wildcard value, and when the
credentials
flag istrue
.
As a consequence, setting the withCredentials
flag to true, will cause YASGUI to fail on all (not just the ones with basic auth) endpoints which are cors-enabled using a wildcard.
For those datasets that have basic authentication, YASGUI would only work when nginx has a non-wildcard value (a simple workaround: add_header 'Access-Control-Allow-Origin' "$http_origin";
)
So, postpone this issue a bit, and find out whether there is a better solution
from yasgui.
Please, could you explain me how to access an endpoint that is protected with BASIC authentication ? Where I have to put credentials?
from yasgui.
This can only be done with the previous version of YASGUI:
http://legacy.yasgui.org
-Rinke
On Thu, Sep 24, 2015 at 10:59 PM Enrico Fagnoni [email protected]
wrote:
Please, could you explain me how to access an endpoint that is protected
with BASIC authentication ? Where I have to put credentials?—
Reply to this email directly or view it on GitHub
#45 (comment).
from yasgui.
Hi Rinke,
it is something planned also for the new version or just an dead feature? I
see a proposed but reverted patch
Could you please point me somewhere I can get docs to know how to use auth
in legacy version.
Thankyou for your attention. Great project!
Enrico
2015-09-25 11:49 GMT+02:00 Rinke Hoekstra [email protected]:
This can only be done with the previous version of YASGUI:
http://legacy.yasgui.org-Rinke
On Thu, Sep 24, 2015 at 10:59 PM Enrico Fagnoni [email protected]
wrote:Please, could you explain me how to access an endpoint that is protected
with BASIC authentication ? Where I have to put credentials?—
Reply to this email directly or view it on GitHub
#45 (comment).—
Reply to this email directly or view it on GitHub
#45 (comment).
from yasgui.
Hi Enrico,
What Rinke meant is that in the legacy version, you are able to set http headers via the YASGUI interface. You can handle the basic authentication info via these headers.
The reverted solution was a more high level attempt to solve basic authentication, i.e. by providing users with a password prompt. As explained above, this does not work in all scenarios, which is why it was reverted.
To help people who need basic authentication, I will add the functionality for users to specify http headers (similar to the functionality in the legacy version). This will probably be done over the weekend
from yasgui.
@ecow and @RinkeHoekstra , YASGUI now supports setting headers manually.
For basic authentication this is still a bit ugly though: you'll need to set 'Authorization' as key and an authentication token (see https://en.wikipedia.org/wiki/Basic_access_authentication) as value.
As described in my first comment in this thread, there is no easy and clean fix for enabling a password prompt for endpoints with basic authentication, because the appropriate flags won't work with wild-card cors-enabled endpoints. Solving this issue automatically is not possible: the 'Access-Control-Allow-Origin' response header is not accessible via javascript, so I cannot detect when to enable or disable basic authentication.
Instead, I propose to add an option to the tab pane menu that enables or disables authentication (default: disabled).
In your scenario, you should be able to toggle this option, and get a password login prompt. I'll see whether I can add this soon
from yasgui.
Great. Thank you.
from yasgui.
I'll close this ticket. It seems that adding generic means of authentication to any other triple store is just not possible (see Triply-Dev/YASGUI.YASQE-deprecated#94 as well).
And: given the configurability of YASGUI and YASQE, publishers can always modify some default settings of their own YASGUI instance by modifying the XHR settings and the default request headers together with the appropriate response headers given by the server (e.g. no wildcard CORS flag) to get authentication working
from yasgui.
Related Issues (20)
- there is any way to assign my api response to Yasr HOT 12
- Send a tabid along with query in POST request
- yasr component is being duplicate while state change HOT 3
- Low priority: Small change to Ellipse text
- Upgrade cookiejar dependency to 2.1.4 (or above) to mitigate CVE-2022-25901 HOT 1
- How to override Sparql Response before calling any rendering plugins HOT 1
- Accessilbity: missing labels
- Cross-Site Scripting (XSS) vulnerability in "endpoint" input field HOT 2
- Cross-Site Scripting (XSS) vulnerability in YASGUI result set table
- codemirror.js Uncaught TypeError: how can I solve? HOT 1
- Cross-Site Scripting (XSS) vulnerability in "endpoint" input field
- Add documentation for Yasr plugin creation in React
- [question]How to get the query when press run button from the Yasgui
- Option to persist sparql query on each change
- Querying multiple endpoints from the ame YasQE, and aggregating results in YasR
- Missing "build/index.min.js" in "@triply/yasgui-utils" npm package
- alterative coordinate systems (SRS/CRS) in Geo view
- support GML in Geo view
- How to extend timeout?
- YasR plugin "score" / "ranking" so that it is displayed in priority
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yasgui.