You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Option 1 is not bad but we have to make sure that only relative URLs are used since the host part of the URL comes from the servient and not from the binding (which manages the forms href). There was previously a discussion about this at #632 . I propose to keep only one issue and move the comments from to the other.
I think that the PR missing the validation side. In my understanding, it is possible to write something like { "/properties/test" : "http://hello.com/test" }, which is something not desirable. Should we validate both In URI and out URI to be relative references? Maybe we can do this in a future PR.
I have the feeling that abusing it in any way is somewhat up to the user.
What if I want to use a different IP of the machine node-wot is not aware of. We would prohibit it. There might be other cases.
What are the main arguments why we should apply further checks?
I noticed this comment from @egekorkan :
I think that the PR missing the validation side. In my understanding, it is possible to write something like
{ "/properties/test" : "http://hello.com/test" }
, which is something not desirable. Should we validate both In URI and out URI to be relative references? Maybe we can do this in a future PR.Originally posted by @relu91 in #810 (comment)
The text was updated successfully, but these errors were encountered: