Authentication to custom dataserver with Cookie - This may save someone else some debugging time. #7055
Unanswered
angelikaSajani
asked this question in
Show and tell
Replies: 2 comments
-
Thanks @angelikaSajani - this is a great tip for everyone 🙂 |
Beta Was this translation helpful? Give feedback.
0 replies
-
As an additional tip: removing those servers from the trusted list when the user logs out acts as an additional safe-guard against data being accessed unlawfully by somebody manually adding a session cookie. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've just successfully implemented (in principle, refinements pending) a TerriaMap adaptation where the user can login and subsequent requests to our data server are authenticated with a session cookie. There were several hurdles along the way, the last one was to convince the browser to send the cookie along when requesting files.
The solution was hidden somewhere within Cesium: Cesium has a concept of 'trusted servers', and you need to add your server to that list before cookies are sent.
What you need to do:
`
import TrustedServers from "terriajs-cesium/Source/Core/TrustedServers";
TrustedServers.add(
<yourServersHostname>, <yourServersPortNumber>
);`
Explanation: Cesium uses the
XMLHttpRequest
api to fetch files, and in order to send cookies thewithCredentials
option needs to be set totrue
. This only happens if the url's host is listed in TrustedServers.This may be obvious to lots of you, but it wasn't to me, and I hope this saves somebody else some time and grey hair :)
Feature suggestion: make the list of trusted servers configurable similar to
"allowProxyFor"
. Or at least document this somewhere for dummies like me, please.Beta Was this translation helpful? Give feedback.
All reactions