Whitelisted tools won't display javascript

[Slugger70]

Hi there,

Thanks for the work on the wrappers. I've been testing them a lot from the testtoolshed recently.

Anyway, none of the html reports will display in Galaxy 18.05 properly. I have whitelisted all of the tools to no avail. I have even allowed serve_xss_vulnerable_mimetypes: true in the Galaxy config. I have also tried with sanitize_all_html: false and even that doesn't work.

All I get when trying to view the files is your internal:

I've figured out that this is produced by the file itself. When I download the file and look at it in Chrome it works fine.

[ValentinMarcon]

Hello, we tried (with @oinizan ) to reproduce this issue on a fresh Galaxy 18.05 version. We installed the basic config (just a git clone and a run.sh). Once FROGS have been installed we run affiliation_stat. After whitelisting it througt the admin panel the html displayed correctly.

Did you notice such behavior on html outputs from others tools (not FROGS) ?

[Slugger70]

Hi Valentin, I've done some more investigation and it only occurs on machines that have https running with certificates and nginx security turned on. I manually added the javascript and css that has links in your html templates to the code (instead of the links) and it all worked fine. I think the server is blocking the html from downloading the required js and css when it is in secure mode. As I run production servers I need these tools to run in a secure environment. Would it be possible to include the js and css in the templates as code instead of links? I checked other tools with interactive html outputs and all of their code is embedded in the output.

I also realised that the files I'm talking about aren't in this repo but in the main FROGS repo. I will copy this issue to there. Cheers!

[Slugger70]

hahaha.. Actually I got it to work by putting https:// in front of all the links instead of http...

[oinizan]

Issue transfered in the main FROGS repo.