def _setCommonCORSHeaders(): """ Set CORS headers that should be passed back with either a preflight OPTIONS or a simple CORS request. We set these headers anytime there is an Origin header present since browsers will simply ignore them if the request is not cross-origin. """ origin = cherrypy.request.headers.get('origin') if not origin: # If there is no origin header, this is not a cross origin request return allowed = Setting().get(SettingKey.CORS_ALLOW_ORIGIN) if allowed: setResponseHeader('Access-Control-Allow-Credentials', 'true') setResponseHeader('Access-Control-Expose-Headers', Setting().get(SettingKey.CORS_EXPOSE_HEADERS)) allowedList = {o.strip() for o in allowed.split(',')} if origin in allowedList: setResponseHeader('Access-Control-Allow-Origin', origin) elif '*' in allowedList: setResponseHeader('Access-Control-Allow-Origin', '*')
def _setCommonCORSHeaders(): """ Set CORS headers that should be passed back with either a preflight OPTIONS or a simple CORS request. We set these headers anytime there is an Origin header present since browsers will simply ignore them if the request is not cross-origin. """ origin = cherrypy.request.headers.get('origin') if not origin: # If there is no origin header, this is not a cross origin request return allowed = Setting().get(SettingKey.CORS_ALLOW_ORIGIN) if allowed: setResponseHeader('Access-Control-Allow-Credentials', 'true') setResponseHeader( 'Access-Control-Expose-Headers', Setting().get(SettingKey.CORS_EXPOSE_HEADERS)) allowed_list = [o.strip() for o in allowed.split(',')] key = 'Access-Control-Allow-Origin' if len(allowed_list) == 1: setResponseHeader(key, allowed_list[0]) elif origin in allowed_list: setResponseHeader(key, origin)
def load(self, info): plugin.getPlugin('jobs').load(info) plugin.getPlugin('slicer_cli_web').load(info) plugin.getPlugin('large_image_annotation').load(info) # Python's http cookie parser fails for all cookies when there are some # invalid cookies. Work around some of that. patchCookieParsing() ModelImporter.registerModel('aperio', Aperio, 'histomicsui') ModelImporter.registerModel('case', Case, 'histomicsui') ModelImporter.registerModel('cohort', Cohort, 'histomicsui') ModelImporter.registerModel('image', Image, 'histomicsui') ModelImporter.registerModel('pathology', Pathology, 'histomicsui') ModelImporter.registerModel('slide', Slide, 'histomicsui') rest.addEndpoints(info['apiRoot']) info['serverRoot'].updateHtmlVars( {'brandName': Setting().get(SettingKey.BRAND_NAME)}) global originalChildItems if not getattr(Folder, '_childItemsBeforeHUI', None): Folder._childItemsBeforeHUI = Folder.childItems Folder.childItems = childItems girderRoot = info['serverRoot'] huiRoot = WebrootHistomicsUI(_template) huiRoot.updateHtmlVars(girderRoot.vars) # The interface is always available under hui and also available # under the specified path. info['serverRoot'].hui = huiRoot webrootPath = Setting().get(PluginSettings.HUI_WEBROOT_PATH) alternateWebrootPath = Setting().get( PluginSettings.HUI_ALTERNATE_WEBROOT_PATH) setattr(info['serverRoot'], webrootPath, huiRoot) if alternateWebrootPath: for alt_webroot_path in alternateWebrootPath.split(','): if alt_webroot_path: setattr(info['serverRoot'], alt_webroot_path, huiRoot) info['serverRoot'].girder = girderRoot # auto-ingest annotations into database when a .anot file is uploaded events.bind('data.process', 'histomicsui', process_annotations) events.bind('model.job.save', 'histomicsui', _saveJob) def updateWebroot(event): """ If the webroot path setting is changed, bind the new path to the hui webroot resource. Note that a change to the alternate webroot requires a restart. """ if event.info.get('key') == PluginSettings.HUI_WEBROOT_PATH: setattr(info['serverRoot'], event.info['value'], huiRoot) events.bind('model.setting.save.after', 'histomicsui', updateWebroot) curConfig = config.getConfig().get('histomicsui', {}) if curConfig.get('restrict_downloads'): # Change some endpoints to require token access endpoints = [ ('collection', 'GET', (':id', 'download')), ('file', 'GET', (':id', 'download')), ('file', 'GET', (':id', 'download', ':name')), ('folder', 'GET', (':id', 'download')), ('item', 'GET', (':id', 'download')), ('resource', 'GET', ('download', )), ('resource', 'POST', ('download', )), ('item', 'GET', (':itemId', 'tiles', 'images', ':image')), ] for resource, method, route in endpoints: cls = getattr(info['apiRoot'], resource) func = cls.getRouteHandler(method, route) if func.accessLevel == 'public': func = access.token(func) cls.removeRoute(method, route) cls.route(method, route, func)