OHIF / Viewers

OHIF zero-footprint DICOM viewer and oncology specific Lesion Tracker, plus shared extension packages
https://docs.ohif.org/
MIT License

[Bug] Headers don't get passed on requests on orthanc dicom-web. #4325

Open IsmailAlamKhan opened 1 month ago

IsmailAlamKhan commented 1 month ago

Describe the Bug

We are using OHIF's DICOM viewer as an iframe within our application. Everything is functioning correctly; however, our Orthanc instance is secured with email and password login. We have a basic token which should be passed in the Authorization header for authentication, but I'm having trouble passing this token in the request. I asked about this issue on Slack and was advised to incorporate the Authorization header in the following places:

  1. The initWadoImageLoader's beforeSend hook.
  2. The getAuthorizationHeader function in extensions/default/src/DicomWebDataSource/index.js.

Despite hardcoding the token, the header is not being passed into the request.

Steps to Reproduce

  1. Embed OHIF's DICOM viewer as an iframe in a parent application.
  2. Protect the Orthanc instance with email/password authentication.
  3. Attempt to pass the Authorization header using the initWadoImageLoader's beforeSend hook and the getAuthorizationHeader function in extensions/default/src/DicomWebDataSource/index.js.

The current behavior

The Authorization header is not being included in the requests.

The expected behavior

The Authorization header containing the basic authentication token should be passed with the requests to the Orthanc instance.

OS

MacOS 15.0(beta)

Node version

v21.7.3

Browser

Arc Browser for MacOS v1.54.0(52220)

shivam-pandey-qss commented 1 week ago

Issue: Bearer Token Not Sent for First Frame API Request in DCM4CHEE

I am passing a Bearer token in two places within the OHIF codebase to authenticate API requests, but the token is not being sent when retrieving the first frame. As a result, the UI breaks. However, for all other API requests, the Bearer token is being sent successfully.

Details:

In extensions/default/src/DicomWebDataSource/index.js:

```javascript
getAuthorizationHeader = () => {
  const xhrRequestHeaders = {};
  const authHeaders = userAuthenticationService.getAuthorizationHeader();
  if (authHeaders && authHeaders.Authorization) {
    xhrRequestHeaders.Authorization = authHeaders.Authorization;
  }
  // Unconditionally overwrites any value set above.
  // dcm_token is not defined in the snippet as posted.
  xhrRequestHeaders.Authorization = `Bearer ${dcm_token}`;
  return xhrRequestHeaders;
};
```

In initWADOImageLoader:

```javascript
beforeSend: function (xhr) {
  // Token is read from sessionStorage on every request (null if not stored yet)
  const dcm_token = sessionStorage.getItem('dcm4chee_token');
  const sourceConfig = extensionManager.getActiveDataSource()?.[0].getConfig() ?? {};
  const headers = userAuthenticationService.getAuthorizationHeader();
  const acceptHeader = utils.generateAcceptHeader(
    sourceConfig.acceptHeader,
    sourceConfig.requestTransferSyntaxUID,
    sourceConfig.omitQuotationForMultipartRequest
  );

  const xhrRequestHeaders = {
    Accept: acceptHeader,
  };
  if (dcm_token) {
    xhrRequestHeaders.Authorization = `Bearer ${dcm_token}`;
  }
  // Applied last, so any keys in headers replace the ones set above
  if (headers) {
    Object.assign(xhrRequestHeaders, headers);
  }

  return xhrRequestHeaders;
}
```

Problem: For the API request to retrieve the first frame, the Bearer token is not being sent, causing the UI to break. For all other subsequent API requests, the Bearer token is correctly included, and the APIs function as expected.

I suspect the issue is related to how the beforeSend logic is handled for the first frame, but I'm unsure how to resolve it. Any guidance or suggestions would be appreciated.
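
To narrow down which inputs leave a request without a usable Authorization header, the merge logic of the beforeSend hook posted above can be exercised outside the viewer. This is an added example, not code from the thread or from OHIF; `buildRequestHeaders`, `authorizationSource`, `auditCases` and all token values are constructed for illustration.

```javascript
// Stand-alone model of the header merge in the posted beforeSend hook.
// Hypothetical helper names; sample tokens are constructed, not real credentials.
function buildRequestHeaders(storedToken, serviceHeaders, acceptHeader) {
  const xhrRequestHeaders = { Accept: acceptHeader };
  if (storedToken) {
    xhrRequestHeaders.Authorization = `Bearer ${storedToken}`;
  }
  if (serviceHeaders) {
    // Same order as the posted hook: service headers are copied last and win,
    // including keys whose value is undefined.
    Object.assign(xhrRequestHeaders, serviceHeaders);
  }
  return xhrRequestHeaders;
}

// Report where the final Authorization value came from, or that it is missing.
function authorizationSource(storedToken, serviceHeaders) {
  const merged = buildRequestHeaders(
    storedToken,
    serviceHeaders,
    'multipart/related; type=application/octet-stream' // constructed sample
  );
  if (!merged.Authorization) return 'missing';
  if (serviceHeaders && 'Authorization' in serviceHeaders) return 'service';
  return 'stored-token';
}

// Constructed input combinations. sessionStorage.getItem returns null when
// the key has not been written yet, which is modelled by token: null.
const cases = [
  { name: 'token stored, no service headers', token: 'tok-a', service: undefined },
  { name: 'token not stored yet', token: null, service: undefined },
  { name: 'token stored, service sets Authorization', token: 'tok-a',
    service: { Authorization: 'Bearer tok-b' } },
  { name: 'token stored, service has Authorization: undefined', token: 'tok-a',
    service: { Authorization: undefined } },
  { name: 'no token, service returns {}', token: null, service: {} },
];

function auditCases() {
  return cases.map(c => ({
    name: c.name,
    source: authorizationSource(c.token, c.service),
  }));
}

console.log(auditCases());
```

Logging the same three inputs (stored token, service headers, merged result) inside the real hook for the failing request shows which of these rows it corresponds to.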