Depends on:
See also:
Currently we are duplicating block screens between Via and ViaHTML. This seems ok as we plan to retire Via, but ideally we'd like to use this service elsewhere. At which point each service would need to duplicate these pages.
It would make more sense for Checkmate to be able to render warning pages instead and provide them for other services.
This would require:
- Providing links to the calling services
- Exposing templates which can render the warnings
Progress
Implementation nodes
We could return a header like:
Link: <http://checkmate.hypothes.is/api/url?url=...&accept=text/html>; rel="presentation"
But everyone hates headers. So perhaps less cryptically in the JSON body. We use JSON API which defines a "links" format like this:
{
"data": [
{
"type": "reason",
"id": "malicious",
"attributes": {"severity": "mandatory"}
}
],
"meta": {"maxSeverity": "mandatory"},
"links": {
"presentation": "https://checkmate.hypothes.is/present?url=http://some.bad.website"
}
}Then a service can call the end-point, decide whether it cares, and then redirect the user to the presentation URL if it does.
It might be a very nice feature if:
- You can't make Checkmate report whatever you want by modified URL
- We don't want to hand another tool to users which allows them to make our site render any content they like (for example putting an exploit site into our page which directs you to click through)
- One option is to have the end-point completely decide how to present the page
- Another is to have a token / hash which is checked to ensure it came from Checkmate
Implementation plan
- Move pages into Checkmate so it can serve them
- Have Checkmate start returning links to them in it's payload
- Modify
checkmatelib to make these easily accessible to client apps
- Modify client apps to redirect to the link instead of presenting their own pages
- Remove the old pages from the other apps
Depends on:
See also:
Currently we are duplicating block screens between Via and ViaHTML. This seems ok as we plan to retire Via, but ideally we'd like to use this service elsewhere. At which point each service would need to duplicate these pages.
It would make more sense for Checkmate to be able to render warning pages instead and provide them for other services.
This would require:
Progress
checkmatelibto pass on the value - Extract the presentation URL from checkmate responses checkmatelib#5not-explicitly-allowedpages #149Implementation nodes
We could return a header like:
Link: <http://checkmate.hypothes.is/api/url?url=...&accept=text/html>; rel="presentation"But everyone hates headers. So perhaps less cryptically in the JSON body. We use JSON API which defines a "links" format like this:
{ "data": [ { "type": "reason", "id": "malicious", "attributes": {"severity": "mandatory"} } ], "meta": {"maxSeverity": "mandatory"}, "links": { "presentation": "https://checkmate.hypothes.is/present?url=http://some.bad.website" } }Then a service can call the end-point, decide whether it cares, and then redirect the user to the presentation URL if it does.
It might be a very nice feature if:
Implementation plan
checkmatelibto make these easily accessible to client apps