Stream: implementers
Topic: Test.fhir.org unsecured, broken link
Josh Mandel (Dec 06 2021 at 19:29):
@Grahame Grieve when I try https://test.fhir.org/r4/Observation I get
but the "unsecured" link is to http://https//test.fhir.org/r4. When I fix this by turning it into https://test.fhir.rog/r4 I wind up basically back where I started.
Grahame Grieve (Dec 07 2021 at 05:09):
thanks. fixed next upgrade (which just got closer)
Grahame Grieve (Dec 07 2021 at 05:09):
should be http://test.fhir.org/r4
Josh Mandel (Dec 07 2021 at 14:05):
Thanks. Ah, there's no way to connect that is https but open?
René Spronk (Dec 07 2021 at 14:44):
Similarly I had https:/[testserver]/metadata fail on me the other day because of an auth failure. Do we have any wording about potential security issues around exposing /metadata ?
Grahame Grieve (Dec 07 2021 at 18:06):
there's no way to connect that is https but open
No. It's on my todo list, but it's not possible right now
Grahame Grieve (Dec 07 2021 at 18:07):
Do we have any wording about potential security issues around exposing /metadata ?
I don't think so. Servers may choose to require auth to see their capability statement, or they may choose to serve a different one to an authorised user
René Spronk (Dec 08 2021 at 07:16):
You seem to suggest that having a 'public' minimal version may be a way to go forward? Akin to the /.well-known file for oAuth, one needs to have certain minimal information to go on..
Last updated: Apr 12 2022 at 19:14 UTC
