Advanced authorisation and Osimis Web Viewer

Hi,

We are experiencing a problem with the advanced authorization plugin and the Osimis web viewer. We have the AA plugin all configured nicely to authorise all our API calls and the Osimis Web Viewer is called with the token in the URL which allows it to access the studies and images no problem. The issue arises if we click the “download” icon on the study.

This causes a new tab to pop up with the URL for the study with /archive appended to the end but the token is not passed in the URL and so authorisation fails.

Is this a known problem or is there some way to overcome this?

Thanks

Steve

Hi Steve,

There’s an option to disable downloads:

// Show the download study button in the frontend.
// You may want to disable this feature if you disable access to
// the underlying REST route for authentication reasons.
“StudyDownloadEnabled”: true,

For the browser to handle the download correctly, the download must be triggered by an link in which we can not pass HTTP headers.

There’s probably a solution that can be found with a reverse proxy that would take the token from the download url and insert it into HTTP headers but I just realized that the token is not included in the download link at all…
I’ll try to fix that …

image001.png

I’ve implemented the fix: https://bitbucket.org/osimis/osimis-webviewer-plugin/commits/35889ad36f59430c592983507bb685a799086794

but you would still need a reverse proxy that would take the token from the download url and insert it into HTTP headers

image001.png