[ckan-dev] CKAN question about APIKey
Kimpe Marc
Marc.Kimpe at cronos.be
Fri Aug 5 13:09:26 UTC 2011
Thanks Rufus for the answer.
I got it solved by
protecting the std-ckan with my reverse proxy
and
opening up only std-ckan/api - the reverse proxy thought that the
APIKey was for his authorization.
So everybody can read through the API.
Only holders of an APIKey - to be obtained from std-ckan, which is
protected - can write.
The case "(and a similar fix may be needed for reverse proxy setups)."
would apply here,
though I do not see how to do this since the reverse proxy does not
have modwsgi installed.
Kind Regards,
Marc
On 05 Aug 2011, at 14:01, Rufus Pollock wrote:
> On 5 August 2011 06:24, Kimpe Marc <Marc.Kimpe at cronos.be> wrote:
>>> I have a standard install of the CKAN software.
>
> Great to hear -- and perhaps you'd be up for adding some info about
> your instance to this page:
>
> <http://wiki.ckan.net/Instances>
>
> (You'll need to register to edit at the moment)
>
>>> It is working fine.
>>>
>>>
>>> However there is a slight problem with reverse proxies.
>>>
>>> While I can load data with the API locally - behind my reverse
>>> proxy,
>>> it is not working if I pass through the reverse proxy.
>
> Just to check, if you are using modwsgi you need:
>
> WSGIPassAuthorization On
>
> Otherwise the API Key info is not necessarily passed through correctly
> (and a similar fix may be needed for reverse proxy setups).
>
> More info about deployment is here:
>
> <http://wiki.ckan.net/Deployment>
>
> (Please do add info about your own experiences)./
>
>>> Probably the APIKey being generated for the site ( tmpl-ckan) is
>>> not
>>> working if I address the site through the reverse proxy ( std-
>>> ckan ).
>>>
>>> Is there a documented way to indicate the actual URL we use to
>>> generate the APIKey ?
>>> or
>>> Alternatively can we disable the APIKey, since the reverse proxy is
>>> checking credentials anyway ?
>
> CKAN just checks the API key -- it isn't tied to a specific url so
> this should not be an issue.
>
> Regards,
>
> Rufus
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-dev
More information about the ckan-dev
mailing list