osmosis
osmosis copied to clipboard
Allow cookies to be sent with HTTP replication requests
This is work in process but feedback is appreciated.
Geofabrik's download server has been requiring an authentication cookie for all OSM data which contains sensitive personal metadata (username, user IDs, changeset IDs) since Thursday. Data protection regulations require us to ensure that only authorized users access personal metadata.
To use the new cookie support of Osmosis, users have to place a file called cookie.txt
in the working directory next to the configuration.txt
file. configuration.txt
needs to be extended by a property attachCookie = true
to enable cookie support.
The server-side authentication software is open source. There is also a client to retrieve cookies automatically (it is necessary to do this every 48 hours for security reasons).
I will add an additional call to the bot API [1] of the Geofabrik Download server to make it possible for Osmosis to check the validity of the cookie instead of checking for HTTP status 301 (redirect to osm.org OAuth authorization form).
The OSM Foundation might choose to use existing software to reduce the necessary work because they have to do similar changes to planet.openstreetmap.org.
This is a follow-up of https://github.com/geofabrik/sendfile_osm_oauth_protector/issues/2 raised by @pedro042
[1] unofficial name