search

ERDDAP / erddap

ERDDAP is a scientific data server that gives users a simple, consistent way to download subsets of gridded and tabular scientific datasets in common file formats and make graphs and maps. ERDDAP is a Free and Open Source (Apache and Apache-like) Java Servlet from NOAA NMFS SWFSC Environmental Research Division (ERD).
Creative Commons Zero v1.0 Universal
84 stars 58 forks source link

Search Multiple ERDDAPs seems to be broken #106

Closed BobSimons closed 3 months ago

BobSimons commented 1 year ago

The Search Multiple ERDDAPs web page, e.g., https://coastwatch.pfeg.noaa.gov/erddap/download/SearchMultipleERDDAPs.html, appears to be broken. The problem occurs with any search terms that I try, e.g., temperature It should return the results of a search sent to many ERDDAPs. Instead, it just works with a few remote ERDDAPs, but the Javascript that powers the page mostly throws an error that you can see in your browser's console

"Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

coastwatch.noaa.gov//erddap/search/index.json?page=1&itemsPerPage=100000&searchFor=EDDGridFromErddap&.jsonp=convertJsonToTable:1 "

Thus, this seems to be a HTML issue related to security and may have a simple solution. Sorry, I didn't try to figure it out or find the solution. I'm testing with Chrome on a Chromebook.

ChrisJohnNOAA commented 1 year ago

The content security policy (CSP) is controlled by the server admin, not the ERDDAP code. The easiest fix would be to add all of the possible ERDDAP servers to the CSP. There may be a way to re-write the search to work without that long list in the CSP, but I'll need to look more into that.

ChrisJohnNOAA commented 3 months ago

This was resolved when the CSP for the server was updated.