[ckan-dev] Question: Proxying files in CKAN
Dominik Moritz
domoritz at gmail.com
Fri Sep 21 11:20:41 UTC 2012
I wrote a quick implementation of a proxy which only works for resources. We could even limit it to pdf files.
https://github.com/okfn/ckan/commit/c67ad47ba22b
On Sep 21, 2012, at 11:55 , Toby Dacre <toby.okfn at gmail.com> wrote:
> On 21 September 2012 11:45, Dominik Moritz <domoritz at gmail.com> wrote:
>
>> Hello all,
>>
>> Toby and me added a pdf preview for ckan based on pdf.js. Unfortunately,
>> because of cross domain issues it is not possible to preview files from a
>> different domain. We could add a simple proxy that serves the files. Our
>> question is what implications that could have for ckan.
>>
>> The ide is to have a proxy only for resources. So a request to:
>> /fileproxy/{resource-id} would server the file. It should not be a general
>> proxy because of security issues.
>>
>> Are there serious issues with this approach?
>>
>>
> To widen the discussion a little
>
> the options appear to be
>
> 1) drop the viewer
> 2) only view local files (seems odd to the user that we can see some not
> others)
> 3) have a proxy to reserve the pdf from same domain to avoid the problem
> 4) try to `cache` a local copy of the pdf (are there license issues)
>
> if we decide on 3
>
> we then get the issues
>
> a) as part of ckan is this turned on by default or a plugin so availability
> is an instance level choice (we could check the resource `exists` in ckan
> b) is it externally done via apache/nginx (is this then just an open proxy
> to be abused)
> c) what dangers are there in it for us/clients as the runners of such a
> proxy
>
> personally I'd prefer to look at the 4 option but what do others think?
>
> Toby
>
> Cheers,
>> Dominik
>>
>>
More information about the ckan-dev
mailing list