Comments (6)
Shouldn't that be handled by the reverse proxy? (I might be completely wrong here) 🤔
Can you please describe a little bit more what the setup would look like? (How do you run Secvisogram (Dev/Production, Server/Standalone mode, behind a proxy...) and how did you configure it to work with the validation service?
from csaf-validator-service.
I am currently at the first stage: get it started with all modules in a test environment (currently local virtual machine on my laptop with its own network interface assigned). I am using the setup "out of the box" with the validation service configured to operate on localhost:8081 to be reached directly. Once this is up and running, we can determine what we need to do to turn this into a production setup (inside the enterprise network, reachable via proxy, using enterprise user management, having backup for the configuration and the advisory database...). The full packages looks promising.
I have proposed a CORS support pull request in the csaf-validator-service repo. If this a good idea or not, I don't know, at least it allowed me to get a fully operational TEST installation.
Having this said, I already see the first issue arising: In the mustache Template.html external styles are hardcoded and in a productive environment "weasyprint" will have a hard time loading these styles (behind a firewall, the proxy could be reached but would need authentication, etc.). The styles could of course be inlined (works) but then the automatic tests fail because the text is hard coded there... Should I open an issue for this topic?
from csaf-validator-service.
The styles could of course be inlined (works) but then the automatic tests fail because the text is hard coded there... Should I open an issue for this topic?
Please do so in the appropriate repo.
from csaf-validator-service.
@ljaenicke Is that issue resolved for you?
from csaf-validator-service.
@ljaenicke Does the current version resolve the issue for you?
from csaf-validator-service.
Resolved.
from csaf-validator-service.
Related Issues (20)
- Server should be bindable to specific IP
- Document production
- Expose preset as defined in CSAF spec
- Dokumentationsanpassungen
- Prüfen, dass nur gültige Tests übergeben werden
- Fix vulnerabilities HOT 2
- Document Hunspell HOT 1
- Automate Update of the docs
- Solve deprecation warning in Workflows
- Unify order of output HOT 2
- Issue with building docker image HOT 2
- Update default body limit to 50 MiB HOT 1
- Make CORS confígurable HOT 1
- Building the Docker image fails HOT 1
- Enlarge the config HOT 1
- Run service with pm2 fails
- Excessive processing time for larger files HOT 4
- Invalid CPE regular expression HOT 1
- GH Action Update HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf-validator-service.