Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewJsonDirectoryServer ¶
func NewJsonDirectoryServer(schemaDirectory string, validator openrtb_ext.BidderParamValidator, aliases map[string]string) httprouter.Handle
NewJsonDirectoryServer is used to serve .json files from a directory as a single blob. For example, given a directory containing the files "a.json" and "b.json", this returns a Handle which serves JSON like:
{ "a": { ... content from the file a.json ... }, "b": { ... content from the file b.json ... } }
This function stores the file contents in memory, and should not be used on large directories. If the root directory, or any of the files in it, cannot be read, then the program will exit.
func SupportCORS ¶
Fixes #648
These CORS options pose a security risk... but it's a calculated one. People _must_ call us with "withCredentials" set to "true" because that's how we use the cookie sync info. We also must allow all origins because every site on the internet _could_ call us.
This is an inherent security risk. However, PBS doesn't use cookies for authorization--just identification. We only store the User's ID for each Bidder, and each Bidder has already exposed a public cookie sync endpoint which returns that data anyway.
For more info, see:
- https://github.com/rs/cors/issues/55 - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials - https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
Types ¶
type Router ¶
type Router struct { *httprouter.Router MetricsEngine *metricsConf.DetailedMetricsEngine ParamsValidator openrtb_ext.BidderParamValidator Shutdown func() }