Mercurial > hg > orthanc-book

diff Sphinx/source/faq/same-origin.rst @ 0:901e8961f46e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial commit
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 22 Apr 2016 12:57:38 +0200
parents
children 922f5c7192c6
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Sphinx/source/faq/same-origin.rst	Fri Apr 22 12:57:38 2016 +0200
@@ -0,0 +1,41 @@
+Same-origin policy in JavaScript
+================================
+
+Orthanc is designed as a lightweight service for medical imaging,
+where the word *service* must be understood in the sense of
+`service-oriented architectures
+<https://en.wikipedia.org/wiki/Service-oriented_architecture>`__.
+External software can interact with the Orthanc service through the
+:ref:`rest`, so as to build higher-level applications that make use of
+DICOM.
+
+Such an external software can be JavaScript code executed by a Web
+browser and making AJAX requests to Orthanc (possibly using the
+widespread jQuery framework). However, such AJAX requests are subject
+to the `same-origin policy
+<https://en.wikipedia.org/wiki/Same-origin_policy>`__ that will
+prevent the JavaScript code to get in touch with the REST API of
+Orthanc, as the origin of the page serving the JavaScript code will
+not be the Orthanc server itself. This problem does not arise with the
+administrative interface :ref:`Orthanc Explorer <orthanc-explorer>`,
+as its JavaScript code is directly served by Orthanc.
+
+We have deliberately decided not to include any mechanism to bypass
+the same-origin policy (`CORS
+<https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>`__) into
+the core of Orthanc. By this choice, we hope to force clean Web
+designs, which is especially important for medical applications.  To
+circumvent the same-origin policy, you have three choices:
+
+1. Branch the REST API of Orthanc as a **reverse proxy** into the Web
+   server that serves the JavaScript code (cf. the instructions for
+   :ref:`Apache <apache>` and :ref:`nginx <nginx>`). This is the best
+   solution for production.
+2. Use the official `ServeFolders plugin
+   <https://bitbucket.org/sjodogne/orthanc/src/default/Plugins/Samples/ServeFolders>`__
+   that can be used to serve JavaScript code directly by the
+   **embedded Web server of Orthanc** (i.e. next to its REST
+   API). This is the best solution for development or debugging.
+3. Enable **CORS on the top of Orthanc** with your Web server (cf. the
+   instructions for :ref:`nginx <nginx-cors>`). This is the most 
+   hacky solution.