feat: protect the metadata - basic auth #111
Conversation
…well as the corresponding tests; missing is still mtls
|
@jurijat: Please have a look. Thanks! |
aramovic79
changed the title
…tection-of-metadata
|
Sorry, I also currently cannot find to do extensive code PR reviews, I can only give feedback / answers on overall questions that come it. It would be good if the code review is handled by the people who currently work actively on the codebase. I trust you'll do that right :) |
|
[like] Ramovic, Albin reacted to your message:
…________________________________
From: Simon Heimler ***@***.***>
Sent: Tuesday, February 11, 2025 8:20:45 AM
To: cap-js/ord ***@***.***>
Cc: Ramovic, Albin ***@***.***>; Author ***@***.***>
Subject: Re: [cap-js/ord] feat: protect the metadata - basic auth (PR #111)
Sorry, I also currently cannot find to do extensive code PR reviews, I can only give feedback / answers on overall questions that come it. It would be good if the code review is handled by the people who currently work actively on the codebase. I trust you'll do that right :)
—
Reply to this email directly, view it on GitHub<#111 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AQNH3LZWHQRHT65DEMFF36L2PGXF3AVCNFSM6AAAAABVVNA3CGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNJQGA4TKMZXGU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Co-authored-by: Sebastian Wennemers <[email protected]>
Co-authored-by: Sebastian Wennemers <[email protected]>
It is done here: https://github.com/cap-js/ord/blob/feat/52-protection-of-metadata/README.md#Authentication |
| @@ -58,4 +58,4 @@ For testing an example app is available in the `xmpl` folder: | |||
| npm install -g @sap/cds-dk | |||
| cds w xmpl | |||
| ``` | |||
| After the CAP app has started, open this link in your browser: http://localhost:4004/open-resource-discovery/v1/documents/1 | |||
| After the CAP app has started, open this link in your browser: http://localhost:4004/ord/v1/documents/ord-document | |||
There was a problem hiding this comment.
I would change the entrypoint from http://localhost:4004/ord/v1/documents/ord-document to http://localhost:4004/.well-known/open-resource-discovery
There was a problem hiding this comment.
I don't know if it was previously intended to take the contributor directly to the ORD document rather than first to the ORD .well-known configuration.
@Fannon @swennemers @zongqichen : What would be you opinion - to leave ORD document endpoint url or to replace it with the .well-known configuration url?
There was a problem hiding this comment.
Your call, ORD discovery starts with the configuration endpoint, but the more interesting part are the ord documents.
There was a problem hiding this comment.
I agree with Juri. I think we should point to ORD Configuration endpoint in the documentation as an entry point. We also give ORD Configuration endpoint to our aggregators, not direct links to ORD Documents. Lets be consistent.
No description provided.