Comments (15)
@dblezek Thanks for the detailed report.
@cpatrick @jamiesnape Would it help to update the latest version of Midas?
from midas.
No, and streaming is not an option in general. Do we need to support using a browser to make API calls? What is the use case?
from midas.
@jamiesnape Working on a browser based viewer for Slicer MRB files. One of the use cases would be to have a list of available MRB files from MIDAS, and click load. This works fine if you download the MRB and then drag it onto the page, but CORS does not let the data be fetched from MIDAS. Perhaps you could include CORS headers to be enabled for all downloads?
Not sure why you couldn't send the file directly from http://slicer.kitware.com/midas3/rest/bitstream/download/{id} without the redirect. The REST API led me to believe it was possible...
from midas.
@dblezek Let me investigate and I will get back to you with a solution.
from midas.
> Not sure why you couldn't send the file directly from http://slicer.kitware.com/midas3/rest/bitstream/download/{id} without the redirect.

We probably could, however the redirect isn't the issue here since it's just redirecting to the same origin (http://slicer.kitware.com). It's the XHR from your origin to slicer.kitware.com that is causing the CORS. In any case, we should expose instance-level settings for CORS headers to allow from cross origin XHR like in this case. @jamiesnape you may be able to borrow some logic in that regard from the way girder does this: girder/girder#580
from midas.
Sorry, meant this PR girder/girder#549
from midas.
@zachmullen, the redirect is the problem. The `/rest/bitstream/download/{id}` returns with a nice `Access-Control-Allow-Origin: "*"` header. If the data came over that request, XHR would be happy. The redirect URL does not have the CORS header, so XHR does not allow it. That is, if I understand how csrf-prevention works.
The last request does not have the `Access-Control-Allow-Origin:` header, and that is what trips up XHR:
REST Call:
non-REST Call:
from midas.
Interesting, thanks for the info -- I was unaware that part of MIDAS was sending permissive CORS headers and part was not. Definitely strange behavior that should be fixed. :)
from midas.
So it turns out that in `/library/REST/Controller/Plugin/RestHandler.php`, we have:

```php
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    // ...
    // Cross-Origin Resource Sharing (CORS)
    // TODO: probably should be an environment setting?
    $this->_response->setHeader('Access-Control-Max-Age', '86400');
    $this->_response->setHeader('Access-Control-Allow-Origin', '*');
    $this->_response->setHeader('Access-Control-Allow-Credentials', 'true');
    $this->_response->setHeader('Access-Control-Allow-Headers', 'Authorization, X-Authorization, Origin, Accept, Content-Type, X-Requested-With, X-HTTP-Method-Override');
    // ...
}
```
from midas.
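
The behaviour discussed in the comments above, as an added example that is not part of the thread or of the Midas code base: it replays the browser's CORS check on each hop of a redirect chain, showing why a permissive header on the REST response does not help when the redirect target omits it, and why the `*` plus `Access-Control-Allow-Credentials: true` pair from `RestHandler.php` still fails for credentialed requests. The page origin `http://viewer.example`, the `<redirect-target>` path and the response objects are constructed placeholders.

```javascript
// Added example: replay the browser's CORS check on each hop of a redirect chain.
// All responses below are constructed; "<redirect-target>" and the page origin are placeholders.

// Returns null when the response passes the check, otherwise the reason it is blocked.
function corsCheck(headers, pageOrigin, withCredentials) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allow = h['access-control-allow-origin'];
  if (allow === undefined) return 'missing Access-Control-Allow-Origin';
  if (withCredentials) {
    // Credentialed requests need an exact origin and an explicit opt-in.
    if (allow === '*') return 'wildcard origin is not accepted with credentials';
    if (h['access-control-allow-credentials'] !== 'true') {
      return 'Access-Control-Allow-Credentials is not "true"';
    }
  }
  if (allow !== '*' && allow !== pageOrigin) return 'allowed origin does not match the page';
  return null;
}

// The script only sees the body if every hop passes, so report the first failing hop.
function firstBlockedHop(chain, pageOrigin, withCredentials = false) {
  for (let i = 0; i < chain.length; i++) {
    const reason = corsCheck(chain[i].headers, pageOrigin, withCredentials);
    if (reason) return { hop: i, url: chain[i].url, reason };
  }
  return null;
}

const PAGE_ORIGIN = 'http://viewer.example';
// The two CORS headers relevant here, as set in the RestHandler.php excerpt.
const REST_HEADERS = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
};
// Hop 0 is the REST endpoint; hop 1 is the non-REST download it redirects to.
const observedChain = [
  { url: 'http://slicer.kitware.com/midas3/rest/bitstream/download/{id}', headers: REST_HEADERS },
  { url: 'http://slicer.kitware.com/<redirect-target>', headers: { 'Content-Type': 'application/octet-stream' } },
];
// Same chain with the CORS headers applied consistently to both hops.
const consistentChain = observedChain.map((r) => ({ ...r, headers: { ...r.headers, ...REST_HEADERS } }));

console.log(firstBlockedHop(observedChain, PAGE_ORIGIN));
console.log(firstBlockedHop(consistentChain, PAGE_ORIGIN));
console.log(firstBlockedHop(consistentChain, PAGE_ORIGIN, true));
```
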
Looking deeper, there are a lot of issues with the code in the REST_ namespace.
from midas.
Thanks for looking into it. Much appreciated.
from midas.
Yes, thanks!
from midas.
I will try to get a fix in for the version 3.4 release.
from midas.
@jamiesnape or @zachmullen Any progress? Would love to integrate Midas into my project.
thanks
from midas.
@dblezek No progress, I am afraid. There will be some refactoring related to the REST_ namespace in 3.4.1, but I do not have an ETA yet.
from midas.