annotate Sphinx/source/faq/same-origin.rst @ 660:a6e371768a70

dicom-as-json
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 29 Apr 2021 12:41:31 +0200
parents 2f0b35240a9d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
34
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
1 .. _same-origin:
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
2
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
3 Same-origin policy in JavaScript
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
4 ================================
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
5
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
6 Orthanc is designed as a lightweight service for medical imaging,
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
7 where the word *service* must be understood in the sense of
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
8 `service-oriented architectures
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
9 <https://en.wikipedia.org/wiki/Service-oriented_architecture>`__.
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
10 External software can interact with the Orthanc service through the
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
11 :ref:`rest`, so as to build higher-level applications that make use of
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
12 DICOM.
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
13
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
14 Such an external software can be JavaScript code executed by a Web
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
15 browser and making AJAX requests to Orthanc (possibly using the
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
16 widespread jQuery framework). However, such AJAX requests are subject
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
17 to the `same-origin policy
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
18 <https://en.wikipedia.org/wiki/Same-origin_policy>`__ that will
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
19 prevent the JavaScript code to get in touch with the REST API of
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
20 Orthanc, as the origin of the page serving the JavaScript code will
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
21 not be the Orthanc server itself. This problem does not arise with the
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
22 administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`,
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
23 as its JavaScript code is directly served by Orthanc.
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
24
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
25 We have deliberately decided not to include any mechanism to bypass
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
26 the same-origin policy (`CORS
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
27 <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) into
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
28 the core of Orthanc. By this choice, we hope to force clean Web
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
29 designs, which is especially important for medical applications. To
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
30 circumvent the same-origin policy, you have three choices:
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
31
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
32 1. Branch the REST API of Orthanc as a **reverse proxy** into the Web
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
33 server that serves the JavaScript code (cf. the instructions for
100
2f0b35240a9d add ref to IIS
amazy
parents: 34
diff changeset
34 :ref:`Apache <apache>`, :ref:`nginx <nginx>` and :ref:`iis <IIS>`).
2f0b35240a9d add ref to IIS
amazy
parents: 34
diff changeset
35 This is the best solution for production.
34
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
36 2. Use the official :ref:`ServeFolders plugin <serve-folders>` that
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
37 can be used to serve JavaScript code directly by the **embedded Web
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
38 server of Orthanc** (i.e. next to its REST API). This is the best
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
39 solution for development or debugging.
0
901e8961f46e initial commit
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
40 3. Enable **CORS on the top of Orthanc** with your Web server (cf. the
34
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
41 instructions for :ref:`nginx <nginx-cors>`). This is the most hacky
Sebastien Jodogne <s.jodogne@gmail.com>
parents: 0
diff changeset
42 solution.