[SERVER-9327] Core Simple Rest Interface to support Cross-origin resource sharing Created: 11/Apr/13 Updated: 07/Jul/17 Resolved: 07/Jul/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | HTTP Console |
| Affects Version/s: | 2.4.1 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Marcin Waligora | Assignee: | DO NOT USE - Backlog - Platform Team |
| Resolution: | Done | Votes: | 1 |
| Labels: | platforms-re-triaged, pull-request, rest | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Participants: | |||||||||
| Description |
|
There are some instances where data in mongoDB is publicly open. The main reason why this is so useful is we have mongo databases distributed globally yet our web servers are located in one region. Obviously if we go with Sleepy Mongoose or any other outside of core system interfaces we have to send our requests back to the web servers. |
| Comments |
| Comment by Sven Ludwig [ 31/Jan/15 ] |
|
From a security perspective, such settings should be configurable and with secure defaults. However, projects usually have the option to use the reverse proxy infrastructure pattern and proxy MongoDB (with nginx, Apache and other things). A proxy layer can be responsible for adding or substracting web security as needed, and also do all kinds of other things a reverse proxy can do for you (TLS termination, routing etc.). |
| Comment by Marcin Waligora [ 06/Jun/13 ] |
|
Making this issue depend on something as vague as Better REST api query guarentees it will not be created. |