Mercurial > hg > orthanc-book
comparison Sphinx/source/faq/same-origin.rst @ 0:901e8961f46e
initial commit
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Fri, 22 Apr 2016 12:57:38 +0200 |
| parents | |
| children | 922f5c7192c6 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:901e8961f46e |
|---|---|
| 1 Same-origin policy in JavaScript | |
| 2 ================================ | |
| 3 | |
| 4 Orthanc is designed as a lightweight service for medical imaging, | |
| 5 where the word *service* must be understood in the sense of | |
| 6 `service-oriented architectures | |
| 7 <https://en.wikipedia.org/wiki/Service-oriented_architecture>`__. | |
| 8 External software can interact with the Orthanc service through the | |
| 9 :ref:`rest`, so as to build higher-level applications that make use of | |
| 10 DICOM. | |
| 11 | |
| 12 Such an external software can be JavaScript code executed by a Web | |
| 13 browser and making AJAX requests to Orthanc (possibly using the | |
| 14 widespread jQuery framework). However, such AJAX requests are subject | |
| 15 to the `same-origin policy | |
| 16 <https://en.wikipedia.org/wiki/Same-origin_policy>`__ that will | |
| 17 prevent the JavaScript code to get in touch with the REST API of | |
| 18 Orthanc, as the origin of the page serving the JavaScript code will | |
| 19 not be the Orthanc server itself. This problem does not arise with the | |
| 20 administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`, | |
| 21 as its JavaScript code is directly served by Orthanc. | |
| 22 | |
| 23 We have deliberately decided not to include any mechanism to bypass | |
| 24 the same-origin policy (`CORS | |
| 25 <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) into | |
| 26 the core of Orthanc. By this choice, we hope to force clean Web | |
| 27 designs, which is especially important for medical applications. To | |
| 28 circumvent the same-origin policy, you have three choices: | |
| 29 | |
| 30 1. Branch the REST API of Orthanc as a **reverse proxy** into the Web | |
| 31 server that serves the JavaScript code (cf. the instructions for | |
| 32 :ref:`Apache <apache>` and :ref:`nginx <nginx>`). This is the best | |
| 33 solution for production. | |
| 34 2. Use the official `ServeFolders plugin | |
| 35 <https://bitbucket.org/sjodogne/orthanc/src/default/Plugins/Samples/ServeFolders>`__ | |
| 36 that can be used to serve JavaScript code directly by the | |
| 37 **embedded Web server of Orthanc** (i.e. next to its REST | |
| 38 API). This is the best solution for development or debugging. | |
| 39 3. Enable **CORS on the top of Orthanc** with your Web server (cf. the | |
| 40 instructions for :ref:`nginx <nginx-cors>`). This is the most | |
| 41 hacky solution. |