usegalaxy-no / galaxyadmin

A repository for managing the work of the usegalaxy.no GalaxyAdmin team

FASTP does not display graphs properly due to CORS restrictions #19

Closed kjetilkl closed 2 years ago

kjetilkl commented 3 years ago

The tool "fastp" outputs a report in HTML format, which (when whitelisted) should display graphs created with the Plotly javascript library. This library file is hotlinked from OpenGene's website (http://opengene.org/plotly-1.2.0.min.js), but the file is being blocked by some cross-origin policy, so the graphs are not displayed at all.

Possible solutions:

torfinnnome commented 3 years ago

nginx CORS whitelist map:

https://eyeofmidas.wordpress.com/2015/04/06/nginx-cors-whitelist-map/

torfinnnome commented 3 years ago

I have added opengene.org to a whitelist on test.usegalaxy.no now. Can someone (@kjetilkl?) test? (And if it fails - share the history with torfinn.nome@nmbu.no?)

torfinnnome commented 3 years ago

Seems adding opengene.org did not help. It might be related to X-Frame-Options? Which can either be set to SAMEORIGIN or DENY. It's currently set to SAMEORIGIN. So I'm not sure how to deal with this.

kjetilkl commented 3 years ago

I have investigated further and now believe that the javascript file is not blocked by CORS restrictions but rather due to mixing of secure and insecure content, since "opengene.org" is served with HTTP rather than HTTPS. I was able to configure Firefox to allow mixed content, and the result was that the graphs were displayed properly. However, I was not able to achieve the same result with other web browsers. I also tried to rewrite the HTML in a FASTP report dataset directly to fetch the javascript file from a different server that uses HTTPS, and that also solved it. So, I think the best solution in this case would be to rewrite the wrapper itself and get the javascript file from another server.

torfinnnome commented 3 years ago

I sent a request to the fastp author(s) to serve the Plotly library using HTTPS instead of HTTP: https://github.com/OpenGene/fastp/issues/322

kjetilkl commented 2 years ago

Fastp version 0.23.2 should work, since it will use "https://cdn.plot.ly/plotly-1.2.0.min.js" as a backup if it is not able to get Plotly from "http://opengene.org/plotly-1.2.0.min.js". I have uninstalled version 0.20.1, which did not work.
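The check and rewrite discussed in this thread, as an added example that is not part of any comment above and is not code from fastp or Galaxy: it lists sub-resources that an HTTPS page would load over plain HTTP (active mixed content, which browsers block) and swaps only the Plotly URL named in the thread for its HTTPS CDN copy. The function names and the sample report are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Replacement taken from the thread: the HTTPS CDN copy of the same Plotly file.
HTTPS_REPLACEMENTS = {
    "http://opengene.org/plotly-1.2.0.min.js": "https://cdn.plot.ly/plotly-1.2.0.min.js",
}

# Tag -> attribute pairs whose http:// loads are active mixed content on an HTTPS page.
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "link": "href"}


class MixedContentFinder(HTMLParser):
    """Collect (tag, url, line) for active sub-resources fetched over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        url = (attrs.get(attr) or "").strip()
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are treated as active content here
        if url.lower().startswith("http://"):
            self.findings.append((tag, url, self.getpos()[0]))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def rewrite_report(html, replacements=HTTPS_REPLACEMENTS):
    """Swap only known URLs; return (new_html, findings that are still insecure)."""
    for insecure, secure in replacements.items():
        html = html.replace(insecure, secure)
    return html, find_mixed_content(html)


# Constructed sample for illustration, not real fastp output.
SAMPLE_REPORT = """<html><head>
<script src='http://opengene.org/plotly-1.2.0.min.js'></script>
</head><body><div id='plot'></div>
<a href='http://opengene.org/fastp'>fastp</a></body></html>"""
```

The rewrite uses an explicit mapping rather than blindly changing `http://` to `https://`, because the original host is only known to serve the file over HTTP; any finding left in the second return value still needs a trusted HTTPS source.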