When a RAML spec
!includes other files, the parser, via a mediation layer, needs to go fetch those files. If they have an absolute URL, in a browser setting, the mediation layer can load directly from that URL, or can use a proxy service (hosted on the same domain as the current page) to load that file. Using a proxy has some pros and cons:
- Pro: The remote file can be hosted somewhere that doesn’t provide CORS, and still avoid the cross-domain restrictions that would otherwise break the loading
- Pro: If there’s a custom proxy service used, it can verify access, cache, etc.
Con: A generic proxy service, if located outside the firewall, will not be able to access any resources within your firewall or on your desktop, greatly limiting the places you can host your
Now, finer-grained controls can allow for all these cases, so e.g. the designer and console could have settings for whether to load from a proxy, from which proxy, etc. But since those settings are not attached to the RAML spec itself, how would you make sure those settings are also used when you publish your spec, load it from the notebook, etc?
Perhaps you could just use no proxy by default, but have a bit.ly-like service into which you paste your URL and it returns the one of a proxy service for that URL, and then the author of the RAML spec can choose whether the URLs of the
!included files in the spec are direct URLs or use the proxied URL?
Of course, you could also just use no proxy generally and ensure your
!included files are only hosted on CORS-supporting servers.
Any thoughts on these or other approaches?