[Gmod-ajax] Embed JBrowse & web service

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Gmod-ajax] Embed JBrowse & web service

ps9tg
Hi All,

I'm trying to embed JBrowse into our software's browser interface. JBrowse uses our back-end REST web service running locally on port8088. To my knowledge, I think JBrowse is running locally on port 8080. I use iframe to embed JBrowse into our webpage. The JBrowse window shows up nicely but it doesn't display feature track from our web service. The error message from Chrome's developer tool is "not allowed by Access-control-Allow-Origin" on localhost. I have little experience with network security and Chrome in general but after some searches I tried adding : header Access-Control-Allow-Origin: * to both a .htaccess file inside JBrowse folder and the /etc/apache2/apache2.conf file but it doesn't fix the problem. However, if I try --disable-web-security in Chrome it works. It could be that I added .htaccess file to a wrong directory. If so, where do I add the header to allow access?

I also attached 2 screenshots, one of a security-disabled browser and another of a non-working page with an error message to this email.
Any help or suggestion will be appreciated.

Thanks,
Gift Sinthong

------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends.  Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Gmod-ajax mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-ajax

Screenshot 2014-01-31 18.06.27.jpg (217K) Download Attachment
Screenshot 2014-01-31 18.07.51.jpg (289K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Embed JBrowse & web service

Robert Buels-2
Hi Gift,

Well, by far the easiest thing to do is just to run JBrowse on the same
server (and the same port) that is serving the data.

Otherwise, you are going to need to configure CORS on the server, which
it sounds like you are starting to do.

There are a lot of subtleties regarding JavaScript same-origin policies,
CORS, and so forth.  The wikipedia page on CORS provides a good
introduction to it, and to the JavaScript same-origin policy:

http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

and for CORS web server configuration,
http://enable-cors.org/server.html is a nice site with lots of tips.

After you feel like you have the general idea of what this subject is
all about, I'd recommend looking in the web developer tools in your web
browser to see what headers and responses are travelling between the
browser and your server, paying special attention to the OPTIONS
requests, and their
Access-Control-Request-Header/Access-Control-Allow-Header headers.  When
you can see exactly what requests and responses are happening, that
provides you a good basis for troubleshooting your web server configuration.


Robert Buels
Lead Developer
JBrowse - http://jbrowse.org

On 01/31/2014 03:35 PM, Phanwadee Sinthong wrote:

> Hi All,
>
> I'm trying to embed JBrowse into our software's browser interface.
> JBrowse uses our back-end REST web service running locally on port8088.
> To my knowledge, I think JBrowse is running locally on port 8080. I use
> iframe to embed JBrowse into our webpage. The JBrowse window shows up
> nicely but it doesn't display feature track from our web service. The
> error message from Chrome's developer tool is "not allowed by
> Access-control-Allow-Origin" on localhost. I have little experience with
> network security and Chrome in general but after some searches I tried
> adding : header |Access-Control-Allow-Origin:*| to both a .htaccess file
> inside JBrowse folder and the /etc/apache2/apache2.conf file but it
> doesn't fix the problem. However, if I try --disable-web-security in
> Chrome it works. It could be that I added .htaccess file to a wrong
> directory. If so, where do I add the header to allow access?
>
> I also attached 2 screenshots, one of a security-disabled browser and
> another of a non-working page with an error message to this email.
> Any help or suggestion will be appreciated.
>
> Thanks,
> Gift Sinthong
>
>
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends.  Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Gmod-ajax mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/gmod-ajax
>

------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends.  Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Gmod-ajax mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-ajax
Reply | Threaded
Open this post in threaded view
|

Re: Embed JBrowse & web service

Robert Buels-2
You probably want to either make the app that is serving the web service
also serve the JBrowse static files, or (and this is probably better in
the long run), you need to make the web service emit the proper HTTP
headers to support CORS, as described at http://enable-cors.org/server.html.

Does that make sense?


Robert Buels
Lead Developer
JBrowse - http://jbrowse.org

On 02/05/2014 10:25 AM, Phanwadee Sinthong wrote:

> Hi Robert,
>
> Thank you very much for suggesting a solution. I tried changing the port
> which our web service runs on to 8080 but I still get the same error
> message.
> Is it possible that JBrowse is not running on port 8080? Is there a way
> to specify port number to JBrowse? now I only have localhost/JBrowse....
> as the url.
>
> Thanks,
> Gift
>
>
> On Fri, Jan 31, 2014 at 8:41 PM, Robert Buels <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hi Gift,
>
>     Well, by far the easiest thing to do is just to run JBrowse on the
>     same server (and the same port) that is serving the data.
>
>     Otherwise, you are going to need to configure CORS on the server,
>     which it sounds like you are starting to do.
>
>     There are a lot of subtleties regarding JavaScript same-origin
>     policies, CORS, and so forth.  The wikipedia page on CORS provides a
>     good introduction to it, and to the JavaScript same-origin policy:
>
>     http://en.wikipedia.org/wiki/__Cross-origin_resource_sharing
>     <http://en.wikipedia.org/wiki/Cross-origin_resource_sharing>
>
>     and for CORS web server configuration,
>     http://enable-cors.org/server.__html
>     <http://enable-cors.org/server.html> is a nice site with lots of tips.
>
>     After you feel like you have the general idea of what this subject
>     is all about, I'd recommend looking in the web developer tools in
>     your web browser to see what headers and responses are travelling
>     between the browser and your server, paying special attention to the
>     OPTIONS requests, and their
>     Access-Control-Request-Header/__Access-Control-Allow-Header headers.
>       When you can see exactly what requests and responses are
>     happening, that provides you a good basis for troubleshooting your
>     web server configuration.
>
>
>     Robert Buels
>     Lead Developer
>     JBrowse - http://jbrowse.org
>
>
>     On 01/31/2014 03:35 PM, Phanwadee Sinthong wrote:
>
>         Hi All,
>
>         I'm trying to embed JBrowse into our software's browser interface.
>         JBrowse uses our back-end REST web service running locally on
>         port8088.
>         To my knowledge, I think JBrowse is running locally on port
>         8080. I use
>         iframe to embed JBrowse into our webpage. The JBrowse window
>         shows up
>         nicely but it doesn't display feature track from our web
>         service. The
>         error message from Chrome's developer tool is "not allowed by
>         Access-control-Allow-Origin" on localhost. I have little
>         experience with
>         network security and Chrome in general but after some searches I
>         tried
>         adding : header |Access-Control-Allow-Origin:*__| to both a
>         .htaccess file
>         inside JBrowse folder and the /etc/apache2/apache2.conf file but it
>         doesn't fix the problem. However, if I try --disable-web-security in
>         Chrome it works. It could be that I added .htaccess file to a wrong
>         directory. If so, where do I add the header to allow access?
>
>         I also attached 2 screenshots, one of a security-disabled
>         browser and
>         another of a non-working page with an error message to this email.
>         Any help or suggestion will be appreciated.
>
>         Thanks,
>         Gift Sinthong
>
>
>         ------------------------------__------------------------------__------------------
>         WatchGuard Dimension instantly turns raw network data into
>         actionable
>         security intelligence. It gives you real-time visual feedback on key
>         security issues and trends.  Skip the complicated setup - simply
>         import
>         a virtual appliance and go from zero to informed in seconds.
>         http://pubads.g.doubleclick.__net/gampad/clk?id=123612991&__iu=/4140/ostg.clktrk
>         <http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk>
>
>
>
>         _________________________________________________
>         Gmod-ajax mailing list
>         [hidden email].__net
>         <mailto:[hidden email]>
>         https://lists.sourceforge.net/__lists/listinfo/gmod-ajax
>         <https://lists.sourceforge.net/lists/listinfo/gmod-ajax>
>
>

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Gmod-ajax mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gmod-ajax