-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: pass-by-value API #549
Comments
Hi! I think this sounds like a good idea, but it would maybe be cleaner to make a separate handler and entry point instead of adding a flag, i.e.:
This way, the security can be more cleanly controlled (making sure we do not expose any files), and a different set of configurations can be applied to this server (what makes sense for a single user's one-off server probably doesn't make sense for a multi-tenant service). That is just me thinking out loud, so if you have any thoughts or concerns, I'm happy to discuss (with or without a PR). 👍 |
I want to host nbdime as a multi-tenant, stateless REST service. However the diff & merge APIs currently only support local paths or URLs as arguments. This requires either uploading the files to the server or hosting them publicly, both of which I want to avoid.
Proposed change:
Allow the diff & merge apis to take notebook json as arguments; i.e. for
/api/diff
the request JSON would now be:If the endpoint receives a dictionary for any of the arguments, it would interpret it as a notebook and use that directly.
Some kind of
--disallow-notebook-paths
server flag to disable passing a path or URL to the API would be good too, for security purposes.I'm willing to make the changes for this, just looking for any feedback first.
The text was updated successfully, but these errors were encountered: