RFC3 - Define Acceptable Service Urls

Owned by ScottS
Last updated: May 27, 2009Version comment
1 min read

Currently, CAS accepts any arbitrary service urls, unless restricted by the Services Management Tool (which its recommend you use). This may not be ideal, often does not make it clear what services are being accessed, and makes debugging harder.

The following prefixes are recommended:
https:// (or http://) - HTTP based services, including RESTful and SOAP based services offered over HTTP
imap:// (or imaps://) - IMAP services that are generally used for proxying
smtp:// (or smtp://) for SMTP services

We may wish to rely on the list here

CAS would parse and understand these prefixes only. This would provide a minimal level of security and protection even if the Services Management Tool was not used.