Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/same-origin.rst @ 0:901e8961f46e
initial commit
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Fri, 22 Apr 2016 12:57:38 +0200 |
parents | |
children | 922f5c7192c6 |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:901e8961f46e |
---|---|
1 Same-origin policy in JavaScript | |
2 ================================ | |
3 | |
4 Orthanc is designed as a lightweight service for medical imaging, | |
5 where the word *service* must be understood in the sense of | |
6 `service-oriented architectures | |
7 <https://en.wikipedia.org/wiki/Service-oriented_architecture>`__. | |
8 External software can interact with the Orthanc service through the | |
9 :ref:`rest`, so as to build higher-level applications that make use of | |
10 DICOM. | |
11 | |
12 Such an external software can be JavaScript code executed by a Web | |
13 browser and making AJAX requests to Orthanc (possibly using the | |
14 widespread jQuery framework). However, such AJAX requests are subject | |
15 to the `same-origin policy | |
16 <https://en.wikipedia.org/wiki/Same-origin_policy>`__ that will | |
17 prevent the JavaScript code to get in touch with the REST API of | |
18 Orthanc, as the origin of the page serving the JavaScript code will | |
19 not be the Orthanc server itself. This problem does not arise with the | |
20 administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`, | |
21 as its JavaScript code is directly served by Orthanc. | |
22 | |
23 We have deliberately decided not to include any mechanism to bypass | |
24 the same-origin policy (`CORS | |
25 <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) into | |
26 the core of Orthanc. By this choice, we hope to force clean Web | |
27 designs, which is especially important for medical applications. To | |
28 circumvent the same-origin policy, you have three choices: | |
29 | |
30 1. Branch the REST API of Orthanc as a **reverse proxy** into the Web | |
31 server that serves the JavaScript code (cf. the instructions for | |
32 :ref:`Apache <apache>` and :ref:`nginx <nginx>`). This is the best | |
33 solution for production. | |
34 2. Use the official `ServeFolders plugin | |
35 <https://bitbucket.org/sjodogne/orthanc/src/default/Plugins/Samples/ServeFolders>`__ | |
36 that can be used to serve JavaScript code directly by the | |
37 **embedded Web server of Orthanc** (i.e. next to its REST | |
38 API). This is the best solution for development or debugging. | |
39 3. Enable **CORS on the top of Orthanc** with your Web server (cf. the | |
40 instructions for :ref:`nginx <nginx-cors>`). This is the most | |
41 hacky solution. |