Best Practice
Below are some guidelines about things you can try to do to stay as compliant and as secure as possible when using node-fhir-server-core.
node-fhir-server-core can run in either http or https mode. To run in https mode, you must provide a valid certificate and key. In https mode, the server will also have HSTS enabled. There are other options for deploying with HTTPS. For example, you can deploy this in http mode, put an AWS Load Balancer in front of it, and set up an HTTPS domain through Amazon.
While we are not preventing you from running this server in http mode, mainly because we want to provide flexibility with your deployment, we really encourage you to only expose the API over HTTPS.
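For the "http mode behind a load balancer" deployment described above, the following is an added example (not node-fhir-server-core's own code) of an Express-style middleware that rejects requests that did not arrive over TLS and adds the HSTS header that the server's own https mode would otherwise provide. It assumes the load balancer sets X-Forwarded-Proto and probes a plain-HTTP health path; requireHttps, isForwardedHttps, simulate and /health are hypothetical names.

```javascript
const HSTS_VALUE = 'max-age=31536000; includeSubDomains';

// True only if every hop listed in X-Forwarded-Proto reports https.
// A missing header or a mixed list ("https, http") is treated as not secure.
function isForwardedHttps(req) {
  const raw = req.headers['x-forwarded-proto'];
  if (!raw) return false;
  const hops = String(raw).split(',').map((p) => p.trim().toLowerCase());
  return hops.every((p) => p === 'https');
}

function requireHttps({ healthPath = '/health' } = {}) {
  return function (req, res, next) {
    // Assumption: the load balancer probes this path over plain HTTP.
    if (req.path === healthPath) return next();

    if (!isForwardedHttps(req)) {
      // Reject instead of redirecting: a redirect would let a client that is
      // misconfigured to use http keep sending credentials in the clear.
      res.statusCode = 403;
      res.setHeader('Content-Type', 'application/fhir+json');
      res.end(JSON.stringify({
        resourceType: 'OperationOutcome',
        issue: [{ severity: 'error', code: 'security', diagnostics: 'HTTPS is required' }],
      }));
      return;
    }
    // The app runs in http mode here, so HSTS has to be added for TLS clients.
    res.setHeader('Strict-Transport-Security', HSTS_VALUE);
    next();
  };
}

// Constructed request/response stand-ins so the middleware can be exercised offline.
function simulate(headers, path = '/stu3/Patient/12') {
  const out = { status: 200, headers: {}, passed: false };
  const res = {
    set statusCode(code) { out.status = code; },
    setHeader: (k, v) => { out.headers[k.toLowerCase()] = v; },
    end: () => {},
  };
  requireHttps()({ headers, path }, res, () => { out.passed = true; });
  return out;
}
```

X-Forwarded-Proto is only trustworthy when the server's port is reachable solely from the load balancer; if clients can connect directly, they can set the header themselves.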
We are currently not translating resources between versions. If a user makes a request to an stu3 endpoint and your data is in dstu2 format, we will not be attempting to translate that data for you or map any properties between versions. There are many cases where this conversion is simply not possible if you want to remain 100% compliant. However, if you want to map the data yourself outside of core, you can make a best effort to map them in your implementation. We will cast anything that comes back from your services to its version-specific resource. For example, if a GET request comes in for stu3/Patient/12, whatever JSON you return will be used to create a new patient resource based on the stu3 spec.