Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

is there any solution can use volume without cross-origin isolated #295

Open
DMIAOCHEN opened this issue Nov 14, 2022 · 7 comments
Open

Comments

@DMIAOCHEN
Copy link
Contributor

because our production environment is on LAN, there always have no https 😢
image

@sedghi
Copy link
Member

sedghi commented Nov 14, 2022

@DMIAOCHEN
Copy link
Contributor Author

DMIAOCHEN commented Nov 15, 2022

Thanks @sedghi ~ I know that Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy need to be set, but the most important thing is that it must run under HTTPS, but many of our production environments are LANs, which are all HTTP.

Do we have plans to implement a fallback scheme for applications over HTTP?

@heyflynn
Copy link
Contributor

heyflynn commented Nov 15, 2022

react-scripts (create react app) has a built in proxy for development without https.
Easy as creating a setupProxy.js in the src directory with the following code:

module.exports = function (app) {
    app.use((req, res, next) => {
        res.set({
            'Cross-Origin-Opener-Policy': 'same-origin',
            'Cross-Origin-Embedder-Policy': 'require-corp'
        })
        next()
    })
}

for production deployments there is a simple way to set these headers.

for google app engine I use the following handlers for app.yaml config file.

handlers:
    # Serve all static files with url ending with a file extension
    - url: /(.*\..+)$
      static_files: build/\1
      upload: build/(.*\..+)$
      secure: always
      http_headers:
          Cross-Origin-Opener-Policy: same-origin
          Cross-Origin-Embedder-Policy: require-corp

    # Catch all handler to index.html
    - url: /.*
      static_files: build/index.html
      upload: build/index.html
      secure: always
      http_headers:
          Cross-Origin-Opener-Policy: same-origin
          Cross-Origin-Embedder-Policy: require-corp

is using docker and nginx, the conf of nginx.conf would add something like this.

    location / {
        add_header Cross-Origin-Opener-Policy "same-origin";
        add_header Cross-Origin-Embedder-Policy "require-corp";
    }

    location /static {
        add_header Cross-Origin-Opener-Policy "same-origin";
        add_header Cross-Origin-Embedder-Policy "require-corp";
    }

@abluobo
Copy link

abluobo commented Jan 10, 2023

Thanks @sedghi ~ I know that Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy need to be set, but the most important thing is that it must run under HTTPS, but many of our production environments are LANs, which are all HTTP.

Do we have plans to implement a fallback scheme for applications over HTTP?

@DMIAOCHEN I have the same problem. Have you solved it? How to solve it?

@sedghi
Copy link
Member

sedghi commented Jan 10, 2023

So I have more time to explain this.

Currently we use SharedArrayBuffer for cross sharing the array buffer between workers. That is how the default volume loader works in cornerstone3D.

We use the CornerstoneWADOImageLoader to insert the pixel data of the slice into the correct location (by providing it through the loader inside the webworker here) of the volume one slice at a time in a webworker, here, and so since we are running multiple workers they all need to share the buffer via SharedArrayBuffer.

IIRC previously we used to just do it without sharedArrayBuffer here, as you see there is no passing of the offset and arraybuffer so the insertion of the pixel data of the slice into the volume happens in the main thread.

You can create a new loader that don't rely on the sharedArrayBuffer I guess. I would be more than happy to review this.

@sedghi
Copy link
Member

sedghi commented Jan 11, 2023

this might help you #358

@David2k13
Copy link
Contributor

Thanks @sedghi ~ I know that Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy need to be set, but the most important thing is that it must run under HTTPS, but many of our production environments are LANs, which are all HTTP.

Do we have plans to implement a fallback scheme for applications over HTTP?

me too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants