Open a browser tab directly into an XNAT experiment page?

[MarkC]

Hi,

We're looking at the possibility of accessing XNAT from another web application, and we'd like to be able to open a new browser tab using some Javascript like 

window.open("https://name:password@the_XNAT_exp_URL");

Those aren't the actual user's credentials but some dedicated ones set up for the project, so the user doesn't need to be aware of them. Given a project name, subject name and experiment name, would such a thing be possible? If so, what form would that URL have to take?

Thanks for any help,

Mark

[Rick Herrick]

You can do some of this pretty easily. Given the project, subject, and experiment, you can open the URL:

https://server/data/projects/projectId/subjects/subject/experiments/experiment

So if your project ID is PROJ_01, the subject is PROJ_01_01, and the experiment is PROJ_01_01_MR_01, your URL would be:

https://server/data/projects/PROJ_01/subjects/PROJ_01_01/experiments/PROJ_01_01_MR_01

The username and password is not something that XNAT supports in that format. If you’re doing this in JavaScript, you could add those credentials to the request header before calling XNAT, but it would be a bit more complicated that just calling window.open(). How you’d do that would depend mostly on what’s available in the application from which you’re launching. You could even make it work with window.open(), but you’d need to first call XNAT to authenticate then, once you have a valid session, you could pop out the experiment page with with window.open(): With a library like Axios, you could do something like:

axios({
  url: "https://server/xapi/siteConfig/buildInfo",
  auth: {

    username: "name",

    password: "password"

  }

})
.then(function (response) {
    window.open("https://server/data/projects/PROJ_01/subjects/PROJ_01_01/experiments/PROJ_01_01_MR_01");
});

That first call is a cheap simple operation that XNAT itself sometimes uses as a keep-alive/heartbeat type of transaction. Calling that with credentials will create a new session on the XNAT server, which will then be used when you pop-up the experiment page.

Rick Herrick

Senior Software Developer

rickh...@flywheel.io

------ Original Message ------

From "MarkC" <mark.c...@gmail.com>

To "xnat_discussion" <xnat_di...@googlegroups.com>

Date 1/31/2023 9:54:28 AM

Subject [XNAT Discussion] Open a browser tab directly into an XNAT experiment page?

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/5e07d8f0-c758-4d28-88f4-5de9f3774426n%40googlegroups.com.

[MarkC]

Hi Rick,

Many thanks as always.

Best wishes,

Mark

[MarkC]

So, I'm nearly there with this problem but not quite. I can indeed log into the page of a particular experiment, but the only issue is that the OHIF viewer now stops working. Specifically, clicking on the "View Images" link under "Actions" just brings up the spinning cog animation for a split second before it exits. Here's how I'm accessing the page (first the JS, with suitably obfuscated data):

<script type="text/javascript">
    axios.defaults.withCredentials = true;
    axios.defaults.crossOrigin = true;

    $(document).ready(function(){

      $("#button1").on('click', function (event) {
        const url = "https://xnat-host.domain/xnat/xapi/siteConfig/buildInfo";

        const data = {
          headers:{
            'Access-Control-Allow-Origin': true
          },
          username: "AAAAA",
          password: "BBBBB"
        }

        axios.post(url, data,)
        .then(function (response) {
            window.location.href = "https://xnat-host.domain/xnat/data/projects/THE_PROJECT/subjects/THE_SUBJECT/experiments/THE_EXPERIMENT";
        });
      });
    });
</script>

In order for the CORS call to work I had to add the following filter to $CATILINA_HOME/webapps/xnat/WEB-INF/web.xml. Here, "JS-server" is the webserver hosting the JS script above.

   <filter>
     <filter-name>CorsFilter</filter-name>
     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
     <init-param>
       <param-name>cors.allowed.origins</param-name>
       <param-value>https://JS-server.domain, https://localhost, https://xnat-host.domain</param-value>
     </init-param>
      <init-param>
       <param-name>cors.allowed.methods</param-name>
       <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
     </init-param>
     <init-param>
       <param-name>cors.allowed.headers</param-name>
       <param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
     </init-param>
     <init-param>
       <param-name>cors.exposed.headers</param-name>
       <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
     </init-param>
     <init-param>
       <param-name>cors.support.credentials</param-name>
       <param-value>true</param-value>
     </init-param>
   </filter>
   <filter-mapping>
     <filter-name>CorsFilter</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>

Removing this filter and restarting tomcat makes OHIF burst into life. I can't see anything relevant appearing in a log file, but I may be missing it. Any pointers on what special bit of configuration I'm missing, or over zealously included, would be much appreciated.

Mark

[MarkC]

 It turns out I needed to enable async support by adding the following declaration in the filter:

<async-supported>true</async-supported>

 All now works hunky dory.

Mark