Hey,
thanks for the reply, this is more clear now.
If it is enough to prevent adversaries from intercepting the requests, then you can safely use WMS with the evalscript
parameter or Processing API (where the evalscript is provided in the body of a POST http request).
HTTPS URLs are encrypted (except for the domain name), so the evalscript parameter can’t be seen by sniffing the network.
This way would still allow tech-literate users to get the evalscript from the requests that can be observed in the network tab in devtools of the web browsers.
If there is a need to also prevent that, then this can be solved in several different ways with a small backend which would have your SPECIAL_BAND_RATIO
and would generate evalscript based on the users’ input values.
Option 1: Backend would serve as a way to update evalscript on Sentinel Hub
This is easier to do and more suitable for interactive maps (e.g. Leaflet.js - no change to WMS Layer).
Downside is that every user would change the “global” evalscript for a layer that is used by every “instance” of the frontend (for every user).
- user provides values and confirms (button with “submit” / “apply” / “update”)
- frontend sends the values to the backend
- backend
- generates evalscript and saves it to Sentinel Hub (documentation for this)
- responds to frontend to let it know that the evalscript is saved
- frontend requests new images from Sentinel Hub and displays them like normal images or on the map (e.g. with Leaflet.js).
Option 2: Backend would act like a proxy (“middle man”) for WMS / Processing API requests
This is not really suitable for use for interactive maps (e.g. would need to mimick WMS server behaviour) and might mean even more work.
- user provides values and confirms (button with “submit” / “apply” / “update”)
- frontend makes requests to the backend to get new images and provides the users’ values, area (bbox / geometry) and time
- backend
- generates the evalscript and makes a WMS (with
evalscript
parameter) or Processing API request to Sentinel Hub
- returns results to the frontend
Hope you find a good solution with these ideas.