Enquiry on hostname whitelisting & OpenCert ViewerJuly 17, 2020 at 4:44am (Edited 2 months ago)
We are implementing the OpenCerts viewer currently, and would like to seek guidance on the following items:
- As shown in the link [https://github.com/Open-Attestation/adr/blob/master/universal_actions.md], the hostname of the provided url must be whitelisted by action.openattestation.com in order to use the service. What is the SOP to request for hostname whitelisting?
2 . When developing the feature [UAT Development process], which action.openattestation.com endpoint should we call? Is there any testing endpoint for action.openattestation.com for testing purpose? [e.g. dev.action.openattestation.com ?]
3 . Noticed that when we call via both endpoint (dev.opencerts.io and action.openattestation.com), the openCerts file will still be able to be displayed correctly. May I seek guidance which one should be the most appropriate way?
July 17, 2020 at 9:28am
action.openattestation.com only allow redirection to
Is there any app you would like to redirect to that is not listed there ?
If you work only on opencerts, I would say you can directly redirect to opencerts (as it will always follow the same method)
For UAT environment you can use dev.opencerts.io instead
August 5, 2020 at 6:18am
i there, I am implementing this together with juenming, when i tried to use another domain as the uri, the opencert cannot be loaded. Please refer to the attached screenshot for the error.
These are the opencert viewer urls used for testing:
Uploaded file: https://dev.opencerts.io/?q=%7B%22type%22%3A%22DOCUMENT%22%2C%22payload%22%3A%7B%22uri%22%3A%22https://opencerttest.s3.ap-southeast-1.amazonaws.com/samplecert.json%22%2C%22redirect%22%3A%22https%3A%2F%2Fdev.opencerts.io%22%7D%7D
August 6, 2020 at 2:22am
From the chrome devtool
dev.opencerts.io/:1 Access to fetch at 'https://opencerttest.s3.ap-southeast-1.amazonaws.com/samplecert.json' from origin 'https://dev.opencerts.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
You need to set cors or we won't be able to get the file