Follow-up from "Add enhanced schema for security policies"
The following discussion from !87338 (merged) should be addressed:
-
@mikolaj_wawrzyniak started a discussion: (+3 comments) question: Following https://json-schema.org/understanding-json-schema/structuring.html#id
You can set the base URI by using the $id keyword at the root of the schema. The value of $id is a URI-reference without a fragment that resolves against the Retrieval URI. The resulting URI is the base URI for the schema.
and https://json-schema.org/understanding-json-schema/structuring.html#ref
The URI-references in $ref resolve against the schema’s Base URI (https://example.com/schemas/customer) which results in https://example.com/schemas/address. The implementation retrieves that schema and uses it to evaluate the “shipping_address” and “billing_address” properties.
And since self-managed instances are installed under their own domains I wonder if using fixed gitlab.com domain would not create issues if anybody would decided to use
$ref
keyword in this schema in the future.
Implementation plan
-
backend Use ref_resolver
option inJsonSchemer#schema
to provide customized ref resolver, so it will not return file path to the schema, it will return path the schema in$id
field,