search

ga4gh / htsget-refserver

Reference server implementation for the GA4GH HTSget API standard.
Apache License 2.0
11 stars 4 forks source link

Allow CORS? #23

Open cmdcolin opened 3 years ago

cmdcolin commented 3 years ago

Hi there

It would be great if this htsget server supportted CORS!

That way javascript based code running in the browser can fetch it

For instance here https://www.test-cors.org/#?client_method=GET&client_credentials=false&server_url=https%3A%2F%2Fhtsget.ga4gh.org%2Freads%2Fgiab.NA12878.NIST7035.1%3Fclass%3Dheader&server_enable=true&server_status=200&server_credentials=false&server_tabs=remote

This returns a HTTP Status 0 which indicates a cors error basically, can also look in the javascript console on that page

Also I looked at #8 while trying to find htsget servers to test against, currently I have only tested against a dnanexus server but they all have a biut different behavior so great to see others

victorskl commented 3 years ago

CORS support comes in PR #24 which is review in progress. If you would like to try it for local dev, you can do like so:

docker run -it --rm -p 3000:3000 quay.io/victorskl/htsget-refserver ./htsget-refserver -config deployments/ga4gh/prod/config-local.json

Then you can curl to ticket endpoints like:

Alignment:

curl -s http://localhost:3000/reads/service-info | jq .
curl -s http://localhost:3000/reads/giab.NA12878.NIST7035.1 | jq .

Variants:

curl -s http://localhost:3000/variants/service-info | jq .
curl -s http://localhost:3000/variants/giab.NA12878 | jq .

To show that CORS is working, make OPTIONS request like this:

curl -s -v -H "Origin: http://example.com" \
  -H "Access-Control-Request-Method: GET" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X OPTIONS \
  http://localhost:3000/reads/giab.NA12878.NIST7035.1

Note that, response contains Access-Control-Allow-Origin: *

And of course, you can also try with BAM sliced request with CORS different origin, like so: 

curl -s -v -H "Origin: http://example.com" http://localhost:3000/reads/giab.NA12878.NIST7035.1?format=BAM&referenceName=chr13&start=0&end=49999 | jq .

For some reason, like you don't want to use default port 3000 or, if want to tweak any aspect of server config, then:

Grab the local config to current directory and modify server port to 5000, for example:

wget https://raw.githubusercontent.com/victorskl/htsget-refserver/cors-support/deployments/ga4gh/prod/config-local.json

Then, bind map the config and run:

docker run -it --rm -p 5000:5000 -v `pwd`/config-local.json:/config-local.json quay.io/victorskl/htsget-refserver ./htsget-refserver -config /config-local.json

Curl it, so on so ford!

curl -s -v -H "Origin: http://example.com" http://localhost:5000/reads/service-info | jq .

Of course, you can docker-compose this up, too.

HTH

cmdcolin commented 3 years ago

Thanks!

jrobinso commented 3 years ago

Ping. Any updates? CORS is required by the htsget specification.

jb-adams commented 3 years ago

@victorskl I just merged your PR #24 . Would you say this issue is good to close after incorporating your branch?

victorskl commented 3 years ago

Yes sure; happy to close this issue. And happy to maintain and support this; down the track, if any.

I also re: testing CORS for local run with default setting there in igv.js thread

Thanks again for merging. Cheers!

jrobinso commented 3 years ago

@jb-adams When can we expect the public reference server to reflect this change?
Thanks

jb-adams commented 3 years ago

I'm aiming to have this completed today, any pointers on what origins I should configure the server to allow?

jb-adams commented 3 years ago

@jrobinso @brainstorm @victorskl the public server has been updated to incorporate CORS and corrected documentationUrls. I'm releasing this as v1.5.0.

Reads documentationUrl image

Variants documentationUrl image

CORS image

(See Origin request header and Access-Control-Allow-Origin response header)

jrobinso commented 3 years ago

I can confirm the CORS problem is fixed

https://igv.org/web/snapshot/examples/htsget.html