search

OHIF / Viewers

OHIF zero-footprint DICOM viewer and oncology specific Lesion Tracker, plus shared extension packages
https://docs.ohif.org/
MIT License
3.12k stars 3.29k forks source link

[Bug] Bearer Token Not Sent for First Frame API Request in DCM4CHEE-Secure #4383

Open shivam-pandey-qss opened 1 week ago

shivam-pandey-qss commented 1 week ago

Describe the Bug

I am passing a Bearer token in two places within the OHIF codebase to authenticate API requests, but the token is not being sent when retrieving the first frame. As a result, the UI breaks. However, for all other API requests, the Bearer token is being sent successfully.

Steps to Reproduce

1.In extensions/default/src/DicomWebDataSource/index.js

getAuthorizationHeader = () => { const xhrRequestHeaders = {}; const authHeaders = userAuthenticationService.getAuthorizationHeader(); if (authHeaders && authHeaders.Authorization) { xhrRequestHeaders.Authorization = authHeaders.Authorization; } xhrRequestHeaders.Authorization = Bearer ${dcm_token}; return xhrRequestHeaders; };

2.In initWADOImageLoader

beforeSend: function (xhr) { const dcm_token = sessionStorage.getItem('dcm4chee_token'); const sourceConfig = extensionManager.getActiveDataSource()?.[0].getConfig() ?? {}; const headers = userAuthenticationService.getAuthorizationHeader(); const acceptHeader = utils.generateAcceptHeader( sourceConfig.acceptHeader, sourceConfig.requestTransferSyntaxUID, sourceConfig.omitQuotationForMultipartRequest );

const xhrRequestHeaders = { Accept: acceptHeader, }; if (dcm_token) { xhrRequestHeaders.Authorization = Bearer ${dcm_token}; } if (headers) { Object.assign(xhrRequestHeaders, headers); }

return xhrRequestHeaders; }

The current behavior

For the API request to retrieve the first frame, the Bearer token is not being sent, causing the UI to break. For all other subsequent API requests, the Bearer token is correctly included, and the APIs function as expected. I suspect the issue is related to how the beforeSend logic is handled for the first frame, but I'm unsure how to resolve it. Any guidance or suggestions would be appreciated.

The expected behavior

All api's to DCM4CHEE should include the bearer token.

OS

Linux

Node version

20.17.0

Browser

Firefox

GlebVST commented 1 week ago

Also seeing this issue with a DicomWebDataSource that requires auth header. Looks like dicomImageLoader.beforeSend is getting ignored on the first call to retrieve transferSyntax tag during setViewportData -> setStack -> getTagFromInstance flow. Not sure why - but there is another attempt later which successfully calls beforeSend and executes fine, but still the UI gets into error state due to a failed original request.

GlebVST commented 1 week ago

Actually upgrading to the latest dicom loader helped

"@cornerstonejs/dicom-image-loader": "^1.84.4",
shivam-pandey-qss commented 1 week ago

Actually upgrading to the latest dicom loader helped

"@cornerstonejs/dicom-image-loader": "^1.84.4",

thanks it helped.