Update to v1.4 of Dataverse Previewers

[kmika11]

A new version of the Dataverse Previewers: https://github.com/gdcc/dataverse-previewers was released on 2023/12/15, and Harvard Dataverse should be updated to include the latest release.

See https://github.com/gdcc/dataverse-previewers/issues/31 for a discussion about the security risks inherent in the new rich HTML previewer.

[jggautier]

Hey all. I'm writing with someone who emailed Harvard Dataverse support and would like to publish their rich html in Harvard Dataverse, but would like to know when it would be possible to let others preview their html files in their browsers.

@cmbz, from what I understand from the section in Admin Guide about external tools, since only developers who can use the admin API endpoints can do this, do you think any of our colleagues would be able to next week?

[cmbz]

2024/02/01

• Added to backlog
• @jggautier and @kmika11 I will investigate.

[cmbz]

2024/02/01

• Updated size and moved to Sprint Ready following Slack conversation with @scolapasta
• It is currently unclear if there is capacity during this sprint

[landreev]

Adding a note to check specifically if the new version of the Video viewer is any better in handling files the current version cannot play. For example (from slack):

Does anyone know why the video previewer might not work in Harvard Dataverse: https://dataverse.harvard.edu/file.xhtml?fileId=10123160&version=DRAFT? In chrome it looks like it tries to play, but nothing happens ...

[cmbz]

Re @jggautier's comment we will raise issue during next sprint planning session.

[qqmyers]

FWIW: I'm not aware of any update in the video player that would resolve the issue. 1.4 does include a rich HTML viewer that probably could be deployed in lieu of the regular one (it acts like the regular one unless scripts are detected and if they are, then asks the user whether they should be allowed to run or not). Whether it is sufficient for the specific rich html specified or not, I don't know, but I suspect it is (should be if just viewing the html file directly would work).

[landreev]

@kmika11 This has been done (mostly, see below), but please take a look and see if anything is looking/acting weird.

I did not install the rich HTML previewer. But please let me know if you really want it. An upgraded version of the regular (poor?) HTML previewer is installed.

In addition to the file types for which v1.3 (and beta) previewers were available, the following 6 new types are now supported:

application/vnd.eln+zip        zipPreviewer
application/x-json-hypothesis  annotationPreviewer
audio/x-m4a                    audioPreviewer
text/csv                       spreadsheetPreviewer
text/tsv                       spreadsheetPreviewer
text/markdown                  mdPreviewer

[kmika11]

@landreev thank you! They look great!

I would really love the rich HTML previewer to be added too, unless the security concerns are still an issue. This is the previewer I get asked about the most, and I would love to tell users that it's available.

[landreev]

OK, I'll take another look into the "rich html" viewer.

[landreev]

I also went ahead and installed the new/experimental 3D viewer for the following types:

model/x3d+xml
model/vrml
model/gltf-binary
model/obj
model/stl
model/x-ply

This one is still in beta and advertised as such in the menus.

[qqmyers]

FWIW: The latest richHtml previewer works the same as the simple one for files w/o scripts and, for ones that do, it has a warning and allows users to see it with/without the scripts running.

@landreev - did you switch to signedURLs as well?

[landreev]

@qqmyers I didn't do anything special to switch to signedURLs; I just used the json as is from 6.1curlcommands.md. Under the assumption that signed URLs are the default with the new ApiCalls notation - is that actually correct?

[landreev]

@qqmyers Oh, wait, I still need to create the secret on the Dataverse side! (?)

[landreev]

@qqmyers Are there any known problems, with the richHtml previewer and Firefox? I've tried it on a few prod. files, it appears to be working in Chrome, but not in Firefox (in either mode). For ex.: https://dataverse.harvard.edu/file.xhtml?fileId=7111834&version=1.0&toolType=PREVIEW (the old, non-rich version is still available under "File Tools", for comparison) But let me restart Firefox, just in case.

[qqmyers]

Not known, but I do see the problem - so a bug.

[qqmyers]

Adding the secret increases the security, but isn't strictly required.

[qqmyers]

A fix is now in the betatest branch on github.io - if you substitute "betatest" for "v1.4" in the tool url (in the db or in the json for the curl command), you should be able to test it.

[landreev]

@kmika11 Thanks to Jim, the rich previewer should be working in all browsers now.

[landreev]

I'm going to close the issue, but please let me know if there are problems with any of the viewers.

[kmika11]

Thanks @landreev! It’s great!