Same-origin policy in JavaScript
================================

Orthanc is designed as a lightweight service for medical imaging,
where the word *service* must be understood in the sense of
`service-oriented architectures
<https://en.wikipedia.org/wiki/Service-oriented_architecture>`__.
External software can interact with the Orthanc service through the
:ref:`rest`, so as to build higher-level applications that make use of
DICOM.

Such external software can be JavaScript code executed by a Web
browser and making AJAX requests to Orthanc (possibly using the
widespread jQuery framework). However, such AJAX requests are subject
to the `same-origin policy
<https://en.wikipedia.org/wiki/Same-origin_policy>`__, which will
prevent the JavaScript code from reaching the REST API of
Orthanc, as the origin of the page serving the JavaScript code will
not be the Orthanc server itself. This problem does not arise with the
administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`,
as its JavaScript code is directly served by Orthanc.

We have deliberately decided not to include any mechanism to bypass
the same-origin policy (`CORS
<https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) in
the core of Orthanc. By this choice, we hope to force clean Web
designs, which is especially important for medical applications. To
circumvent the same-origin policy, you have three choices:

1. Expose the REST API of Orthanc through a **reverse proxy** in the Web
   server that serves the JavaScript code (cf. the instructions for
   :ref:`Apache <apache>` and :ref:`nginx <nginx>`). This is the best
   solution for production.
2. Use the official `ServeFolders plugin
   <https://bitbucket.org/sjodogne/orthanc/src/default/Plugins/Samples/ServeFolders>`__
   that can be used to serve JavaScript code directly by the
   **embedded Web server of Orthanc** (i.e. next to its REST
   API). This is the best solution for development or debugging.
3. Enable **CORS on top of Orthanc** with your Web server (cf. the
   instructions for :ref:`nginx <nginx-cors>`). This is the most
   hacky solution.
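
The browser's origin comparison for the deployments listed above, plus an exact-match origin check for the CORS option, as an added example that is not part of the Orthanc documentation or code base. Port 8042 is Orthanc's default HTTP port; the host names, the ``/orthanc/`` proxy prefix and the ``/app/`` folder are assumptions.

```javascript
// Added example. 8042 is Orthanc's default HTTP port; host names, the
// /orthanc/ proxy prefix and the /app/ folder are assumptions.

// Serialized origin (scheme://host[:port]) of an absolute URL, or null when
// the origin is opaque (e.g. a page opened from file://) and matches nothing.
function originOf(url) {
  const o = new URL(url).origin;
  return o === 'null' ? null : o;
}

// Would a request from `pageUrl` to `requestUrl` be same-origin?
// Relative request URLs are resolved against the page, as the browser does.
function isSameOrigin(pageUrl, requestUrl) {
  const page = originOf(pageUrl);
  const target = originOf(new URL(requestUrl, pageUrl).href);
  return page !== null && page === target;
}

// Option 3 only: value a front-end server may send back in
// Access-Control-Allow-Origin. Exact allowlist match; null means "send no
// header" instead of reflecting the Origin header or answering "*".
function corsAllowOrigin(requestOrigin, allowlist) {
  let o;
  try { o = originOf(requestOrigin); } catch (e) { return null; }
  if (o === null || o !== requestOrigin) return null; // not a bare origin
  return allowlist.includes(o) ? o : null;
}

// Constructed deployments, one per situation described in the text.
const deployments = [
  { name: 'page on Web server, REST API reached on Orthanc directly',
    page: 'https://viewer.example/app/index.html', api: 'http://viewer.example:8042/patients' },
  { name: 'option 1: REST API behind a reverse proxy',
    page: 'https://viewer.example/app/index.html', api: '/orthanc/patients' },
  { name: 'option 2: page served by Orthanc (ServeFolders)',
    page: 'http://localhost:8042/app/index.html', api: '/patients' },
  { name: 'page opened from disk during development',
    page: 'file:///home/dev/index.html', api: 'http://localhost:8042/patients' },
];

function report() {
  return deployments.map(d => ({ name: d.name, sameOrigin: isSameOrigin(d.page, d.api) }));
}

console.log(report());
```

Only the reverse-proxy and ServeFolders cases come out same-origin; the other two would need CORS headers, which is where the allowlist check applies.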