.. _same-origin:

Same-origin policy in JavaScript
================================

Orthanc is designed as a lightweight service for medical imaging,
where the word *service* must be understood in the sense of
`service-oriented architectures
<https://en.wikipedia.org/wiki/Service-oriented_architecture>`__.
External software can interact with the Orthanc service through the
:ref:`rest`, so as to build higher-level applications that make use of
DICOM.

Such external software can be JavaScript code executed by a Web
browser and making AJAX requests to Orthanc (possibly using the
widespread jQuery framework). However, such AJAX requests are subject
to the `same-origin policy
<https://en.wikipedia.org/wiki/Same-origin_policy>`__, which will
prevent the JavaScript code from contacting the REST API of
Orthanc, as the origin of the page serving the JavaScript code will
not be the Orthanc server itself. This problem does not arise with the
administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`,
as its JavaScript code is directly served by Orthanc.

We have deliberately decided not to include any mechanism to bypass
the same-origin policy (`CORS
<https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) in
the core of Orthanc. By this choice, we hope to force clean Web
designs, which is especially important for medical applications. To
circumvent the same-origin policy, you have three choices:

1. Map the REST API of Orthanc through a **reverse proxy** into the Web
   server that serves the JavaScript code (cf. the instructions for
   :ref:`Apache <apache>`, :ref:`nginx <nginx>` and :ref:`iis <IIS>`).
   This is the best solution for production.
2. Use the official :ref:`ServeFolders plugin <serve-folders>`, which
   can serve JavaScript code directly from the **embedded Web
   server of Orthanc** (i.e. next to its REST API). This is the best
   solution for development or debugging.
3. Enable **CORS on top of Orthanc** with your Web server (cf. the
   instructions for :ref:`nginx <nginx-cors>`). This is the most hacky
   solution.
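
The sketch below is an added example, not code from Orthanc or its documentation. It shows how the browser decides that a call to the REST API is cross-origin, and how the reverse-proxy choice (option 1) makes the same call same-origin while forwarding only the proxied prefix. The host ``viewer.example``, the ``/orthanc/`` prefix and the upstream address ``http://localhost:8042/`` are assumptions made for the illustration.

```javascript
// Added example (not part of Orthanc). Constructed values: viewer.example,
// the /orthanc/ prefix, and an Orthanc instance at http://localhost:8042/.
const PAGE = "https://viewer.example/app/index.html";
const PROXY_PREFIX = "/orthanc/";
const UPSTREAM = "http://localhost:8042/";

// Browsers compare the (scheme, host, port) triple. URL.origin serializes
// that triple, with default ports (80, 443) normalized away.
function isSameOrigin(pageUrl, target) {
  const page = new URL(pageUrl);
  // Relative targets are resolved against the page, as the browser does.
  return new URL(target, page).origin === page.origin;
}

// What a reverse proxy does with a request path: forward only what lives
// under the prefix, strip the prefix, keep the query string.
// Returns null for anything that must not reach Orthanc.
function toUpstream(requestPath) {
  // Parsing first collapses "../" segments, so the prefix check below is
  // made on the path that would really be served.
  const url = new URL(requestPath, "http://proxy.invalid");
  if (!url.pathname.startsWith(PROXY_PREFIX)) return null;

  // Set only the path and query on the fixed upstream URL. Resolving the
  // remainder as a relative reference would let "//other-host/x" replace
  // the upstream host.
  const out = new URL(UPSTREAM);
  out.pathname = "/" + url.pathname.slice(PROXY_PREFIX.length);
  out.search = url.search;
  return out.href;
}

// Direct call to Orthanc's own port: different port, hence cross-origin.
console.log(isSameOrigin(PAGE, "https://viewer.example:8042/patients"));
// Call through the proxied prefix: same origin as the page.
console.log(isSameOrigin(PAGE, "/orthanc/patients"));
console.log(toUpstream("/orthanc/patients?expand"));
```

With this layout the JavaScript code only ever issues relative requests under ``/orthanc/``, so no CORS headers are needed and the Orthanc port does not have to be reachable from the browser.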