Getting Error 400 when Authorisation header is added while uploading DICOM.

Hi Everyone,

I was trying to add authorisation Header while uploading DICOM image to the Orthanc server. If I add authorisation header then I am getting Error 400 as (BAD REQUEST) Response for preflight has invalid HTTP status code 400; without Authorisation header, it’s working fine.

Also, I have changed AuthenticationEnabled to true. I am not able to solve this issue. Any help would be appreciated.

`

`
var form = new
form.append(“data-binary”, file);

`
var xhr = new XMLHttpRequest();
xhr.addEventListener(“readystatechange”, function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});

xhr.open(“POST”, “http://localhost:8042/instances”);
xhr.setRequestHeader(“Authorization”, “Basic “+Base64.encode(“alice”+””+“alicePassword”);
xhr.send(form);

`

you need a “:” between your username and password

Actually, I tried with column and Base64 itself, but neither worked. Also, there was a mistake in my question “:” is missing.

Please consider as
xhr.setRequestHeader(“Authorization”, “Basic “+Base64.encode(“alice”+”:”+“alicePassword”);

Then also, it does not work.

As you are using a full URL (“http://localhost:8042/instances”) instead of a relative URI (“/instances”), the Same-Origin Policy prevents you to make such requests:
https://en.wikipedia.org/wiki/Same-origin_policy

Check out the Orthanc Book:
http://book.orthanc-server.com/faq/same-origin.html

I have used this API without the authorisation header and its working there. If it’s something related with Same Policy, then it should not work in without header request but its working there.

The code below works.

var xhr = new XMLHttpRequest();
xhr.addEventListener(“readystatechange”, function () {
if (this.readyState === 4) {
console.log(this.responseText);
}
});

xhr.open(“GET”, “http://localhost:8042/instances”);
xhr.setRequestHeader(“Authorization”, "Basic "+btoa(“alice:alicePassword”);
xhr.send();

Hi,

Can we also use “GET” instead of “POST”. I don’t find this as logically correct.

Of course, GET and POST don’t have the same use ! My intention was to demonstrate that the authentication is not a problem (this was the subject of your thread).

When POSTing to /instances, the payload shall only contain the binary content of a DICOM file. I doubt this is the case with the “form” you’re trying to POST.

If you have used postman or any other api testing tool then this would also work in POST with the Authentication header.

You will find a fully working sample attached to this mail. It consists of a static “index.html” file together with a JavaScript application “app.js.txt” (the “.txt” suffix is there to allow the post on Google Groups).

Follow the Orthanc Book to configure the “http://localhost/Orthanc/” URL:
http://book.orthanc-server.com/faq/apache.html

index.html (324 Bytes)

app.js.txt (1.27 KB)