Enable CORS

1006 views
Skip to first unread message

Fernando Jose Serrano Garcia

unread,
Jul 29, 2015, 1:21:01 PM7/29/15
to Orthanc Users
Is there any way to enable CORS in default orthanc installation to prevent "No Access-Control-Allow-Origin" errors while making a request from another domain? Or should it be included in a setup with apache or nginx to do that?

Sébastien Jodogne

unread,
Jul 29, 2015, 1:25:01 PM7/29/15
to Orthanc Users, ferna...@gmail.com, ferna...@gmail.com
CORS is not available inside Orthanc. You have 2 possibilities:
  1. Put Orthanc behind Apache/nginx using reverse proxying (cf. https://code.google.com/p/orthanc/wiki/FAQ ).
  2. Use the official "ServeFolders" plugin to serve your JavaScript/HTML/CSS/... resources (cf. https://goo.gl/QcVypZ ).
Sébastien-

Fernando Jose Serrano Garcia

unread,
Jul 30, 2015, 12:15:07 PM7/30/15
to Orthanc Users, s.jo...@gmail.com
I've just updated my vagrant box (https://github.com/fernandojsg/vagrant-orthanc) to include a nginx as proxy with CORS enabled, so you can query orthanc without problem using the nginx's port (By default I've mapped 80 -> 8043 to avoid collision with host machine).

By the way, I think could be nice to update the documentation to include the nginx configuration in case someone could need it, as it's quite usual than the PACS is on a different server from the other webapps.

Right now you have:


server
{
       listen  
80  default_server;
       
...
       location  
/orthanc/  {
                proxy_pass http
://localhost:8042;
                proxy_set_header HOST $host
;
                proxy_set_header X
-Real-IP $remote_addr;
                rewrite
/orthanc(.*) $1 break;
       
}
       
...
}

And adding CORS it could be:


server
{
       listen  
80  default_server;
       
...
       location  
/orthanc/  {
                proxy_pass http
://localhost:8042;
                proxy_set_header HOST $host
;
                proxy_set_header X
-Real-IP $remote_addr;
                rewrite
/orthanc(.*) $1 break;
                add_header 'Access-Control-Allow-Credentials' 'true';                 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';                 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';                 add_header 'Access-Control-Allow-Origin' '*';
       
}
       
...
}

Also you could include a FAQ question regarding CORS, something like How can I enable CORS? And add the link to http://enable-cors.org

Regards

Sébastien Jodogne

unread,
Jul 31, 2015, 3:15:27 AM7/31/15
to Orthanc Users, s.jo...@gmail.com, ferna...@gmail.com
Dear Fernando,

Thanks for this very useful information!

I have just added it to the FAQ:

Sébastien-

TheRightDoctors Developer

unread,
Dec 8, 2018, 10:11:01 AM12/8/18
to Orthanc Users
We have added those lines to our nginx server to configure the Orthanc server, but still the post request is giving the same error. Here we are trying to post a .dcm file to an orthanc server which is running behind an nginx server. 
Screenshot.jpg

Ankit Arora

unread,
Dec 10, 2018, 12:10:12 AM12/10/18
to Orthanc Users
hi, the one posted on Official Orthanc Book will not work.

Use this in nginx Configuration
   server {
       listen 4200 default;
       location / {
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
           add_header 'Access-Control-Allow-Origin' "*";

           add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
           add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";   
           proxy_pass http: //127.0.0.1:8080/;
       }
   }

You need to add reverse proxy here. consider 8080 as your orthanc port and 4200 as an open. If you setup this in correct way then all request for 4200 will be forwarded to 8080 bypassing the CORS error.

Sébastien Jodogne

unread,
Dec 10, 2018, 2:59:55 AM12/10/18
to Orthanc Users
Hello,

If the information in the Orthanc Book is incorrect, please could you contribute to the project by telling how to fix the dedicated section? TIA!
http://book.orthanc-server.com/faq/nginx.html#enabling-cors

Regards,
Sébastien-

Thibault Nélis

unread,
Dec 10, 2018, 4:33:10 AM12/10/18
to orthan...@googlegroups.com
On Sun, 2018-12-09 at 21:10 -0800, Ankit Arora wrote:
> You need to add reverse proxy here. consider 8080 as your
> orthanc port and 4200 as an open. If you setup this in correct way
> then all request for 4200 will be forwarded to 8080 bypassing the
> CORS error.

Obligatory warning: Please understand the consequences of doing this
before doing it. The single-origin policy is especially relevant for
Orthanc's API.

In short: If you don't otherwise secure access to the Orthanc
resources, visiting a link with a web browser on any website could
trigger arbitrary operations like deletions on the Orthanc server, even
if that Orthanc server is in a private network and so long as the web
browser has access to it.
--
Thibault Nélis <t...@osimis.io>
Osimis

Ankit Arora

unread,
Dec 10, 2018, 11:26:57 PM12/10/18
to Orthanc Users
Yes you are correct, but I dont have any other solution to do the same, I would be grateful if you could share any other solution for removing this CORS error.

Sébastien Jodogne

unread,
Dec 11, 2018, 2:46:44 AM12/11/18
to Orthanc Users
The clean way to use Orthanc from a Web application, is to make Orthanc run on an Intranet server (not publicly accessible), and create an Web applicative gateway that is built on the top of the REST API of Orthanc (using e.g. PHP+curl, Node.js, Java, Python...). CORS is a trick to make it work if you don't have full control over your architecture, or if you want quick deployments.

In either case, your question is generic, and not particular to Orthanc.

Please use another forum to discuss possible architectures for Web applications.

Francisco Maria Calisto

unread,
Jul 27, 2020, 11:11:39 AM7/27/20
to Orthanc Users
Dear Orthanc Community,

I am facing a real strange issue concerning CORS. In the past, I had my nginx configurations to enable the communication between a web viewer based in CornerstoneJS and Orthanc. During this pandemic phase, we change our servers and I tried to replicate the old configurations. Unfortunately, in a less successful way. My configurations are as follows.

Web Viewer:


Orthanc Server:


Nginx Configurations:

server {
    listen  8451  default_server;
    location  /  {
      client_max_body_size 128M;
      proxy_pass http://localhost:8551;
      proxy_set_header HOST $host;
      proxy_set_header X-Real-IP $remote_addr;
      rewrite /orthanc(.*) $1 break;
      add_header 'Access-Control-Allow-Credentials' 'true';
      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Origin' '*';
    }
  }

The web viewer (http://foo.com:8586/src/public/index.html) is reading from the 8451 port but still, we have the following error:

Access to XMLHttpRequest at 'http://foo.com:8451/patients?expand&_=1595861396855' from origin 'http://foo.com:8586' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I missing?


Best regards,

Francisco Maria Calisto

b...@osimis.io

unread,
Jul 28, 2020, 4:10:37 AM7/28/20
to Orthanc Users
Hello Fransisco,

Your reverse proxy seems to listen on 8451 yet you are opening the web viewer URL on 8586? What is the purpose of the 8586 port?

I must have missed something but why don't you serve everything through the reverse proxy to avoid this error?

Or, most probably, there is something in your nginx conf file that is not posted here.  

Francisco Maria Calisto

unread,
Jul 28, 2020, 5:17:32 AM7/28/20
to Orthanc Users
First of all, thank you for your answer. The port 8586 is serving our web viewer, a CornerstoneJS based solution that we have to manipulate the medical images and to inform radiologists. On the other hand, the Orthanc server is served at the port of 8551 and listens at the port 8451.

There are no errors and things are working if I turn on the CORS application on my Chrome browser. But I would like to have a more automatic way (e.g., nginx). Unfortunately, I am not achieving it. Which is strange, since in the past I have the things working on an older physical server.

James Manners

unread,
Jul 28, 2020, 6:23:33 AM7/28/20
to Orthanc Users
Hi Francesco,

As your cornerstone app is requesting data from Orthanc on a different port, that causes a browser to make CORS requests. There 2 ways to fix this. You can configure nginx to serve both cornerstone and Orthanc on the same port and host. Or you can configure nginx to add the appropriate CORS responses https://enable-cors.org/server_nginx.html

Hope that helps. 

James

Binary Logo
James Manners • Director
Suite 3, Level 2, 10 Queens Road, Melbourne, Victoria 3004, Australia

On 28 Jul 2020, at 7:17 pm, Francisco Maria Calisto <francisco...@gmail.com> wrote:

First of all, thank you for your answer. The port 8586 is serving our web viewer, a CornerstoneJS based solution that we have to manipulate the medical images and to inform radiologists. On the other hand, the Orthanc server is served at the port of 8551 and listens at the port 8451.
--
You received this message because you are subscribed to the Google Groups "Orthanc Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orthanc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orthanc-users/e5e035e1-74a5-4609-9311-aa4ecb52c1e2n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages