menu
Channels
Team

Enquiry on hostname whitelisting & OpenCert Viewer

July 17, 2020 at 4:44am

Enquiry on hostname whitelisting & OpenCert Viewer

July 17, 2020 at 4:44am (Edited 2 months ago)
Hi Guys,
We are implementing the OpenCerts viewer currently, and would like to seek guidance on the following items:
  1. As shown in the link [https://github.com/Open-Attestation/adr/blob/master/universal_actions.md], the hostname of the provided url must be whitelisted by action.openattestation.com in order to use the service. What is the SOP to request for hostname whitelisting?
whitelist.PNG
2 . When developing the feature [UAT Development process], which action.openattestation.com endpoint should we call? Is there any testing endpoint for action.openattestation.com for testing purpose? [e.g. dev.action.openattestation.com ?]
3 . Noticed that when we call via both endpoint (dev.opencerts.io and action.openattestation.com), the openCerts file will still be able to be displayed correctly. May I seek guidance which one should be the most appropriate way?
both.PNGoc.PNG
Thanks!

July 17, 2020 at 9:28am
action.openattestation.com only allow redirection to
Is there any app you would like to redirect to that is not listed there ?
If you work only on opencerts, I would say you can directly redirect to opencerts (as it will always follow the same method)
For UAT environment you can use dev.opencerts.io instead
  • reply
  • like
Hi Nebulis, thanks for you reply. The redirection is only for OpenCerts currently, so I can directly redirect to opencerts.io. May I know is there any whitelisting (for the provided uri) required for redirection to opencerts.io?
  • reply
  • like
No whitelisting needed for opencerts.io :)
  • reply
  • like
great to know! Thanks! =)
  • reply
  • like

August 5, 2020 at 6:18am

August 6, 2020 at 2:22am
From the chrome devtool
dev.opencerts.io/:1 Access to fetch at 'https://opencerttest.s3.ap-southeast-1.amazonaws.com/samplecert.json' from origin 'https://dev.opencerts.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
You need to set cors or we won't be able to get the file
  • reply
  • like