Disclose access to external webservices (other than the configured schemas) #103

New issue

Open

opened 2025-08-18 07:54:43 +00:00 by mih · 1 comment

mih commented 2025-08-18 07:54:43 +00:00 (Migrated from github.com)

Copy link

This could be CDN-based stylesheets, javascript libraries, or fonts for the API docs, or any other online resource

This information is necessary to be able to compile an accurate privacy policy for a specific deployment, because client access to such a service will trigger access logs at third-party services.

This could be CDN-based stylesheets, javascript libraries, or fonts for the API docs, or any other online resource This information is necessary to be able to compile an accurate privacy policy for a specific deployment, because client access to such a service will trigger access logs at third-party services.

christian-monch commented 2025-09-08 11:48:05 +00:00 (Migrated from github.com)

Copy link

The service itself needs to download only the files necessary for schema interpretation. These include the configured schema files as well as imported files. The libraries we use (linkml, rdflib, SQLalchemy, requests, etc) could download additional data, for example SSL-certificates or revocation lists. Whether that is the case or not has to be verified.

Stylesheets, javascript libraries, fonts etc are downloaded by the client, i.e. the browser, and must be disclosed by the browser.

The service itself needs to download only the files necessary for schema interpretation. These include the configured schema files as well as imported files. The libraries we use (linkml, rdflib, SQLalchemy, requests, etc) could download additional data, for example SSL-certificates or revocation lists. Whether that is the case or not has to be verified. Stylesheets, javascript libraries, fonts etc are downloaded by the client, i.e. the browser, and must be disclosed by the browser.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

remove_duplication

audit-with-apply-change-set

forgejo-labels

maintenance-command

move-workflow-to-forgejo

classes-in-server-endpoint

redirect-root

linkml-test

issue-175

fix_any_of

forgejo-authsource-caching

issue-168

graphql

6.0.2

6.0.1

6.0.0

5.6.1

5.6.0

5.5.0

5.4.0

5.3.6

5.3.5

5.3.4

5.3.3

5.3.2

5.3.1

5.3.0

5.2.1

5.2.0

5.1.1

5.1.0

5.0.3

5.0.2

5.0.1

5.0.0

4.7.0

4.6.1

4.6.0

4.5.3

4.5.2

4.5.1

4.5.0

4.4.0

4.3.1

4.2.0

4.3.0

4.1.1

4.1.0

4.0.0

3.6.0

3.5.0

3.3.3

3.3.2

3.3.1

3.3.0

3.2.1

3.1.0

3.0.1

3.0.0

2.4.1

2.3.4

2.3.3

2.4.0

2.3.2

2.3.0

2.2.0

2.1.0

2.0.1

2.0.0

1.1.0

1.0.0

0.5.0

0.4.0

0.3.0

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

0.1.1

0.1.0

labelless

Labels

Clear labels   

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

orinoco/dump-things-server#103

No description provided.