[IGBF-3211] Update logic to send redirect url to IGB Data Source endpoint - JIRA UNCC

Details

Type: Task
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Labels:
None

Story Points:
2
Epic Link:
Build Track Hub converter
Sprint:
Fall 5 2022 Oct 24, Fall 7 2022 Nov 21

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 (IGB data source logic cannot follow redirects see full comment )

Attachments

Issue Links

blocks

IGBF-3196 Investigate: Why is the password asked for twice after adding secure data source.

To-Do

IGBF-3204 Create secure quickload that redirects

Closed

Activity

Ascending order - Click to sort in descending order

Karthik Raveendran created issue - 03/Nov/22 2:25 PM

Karthik Raveendran made changes - 03/Nov/22 2:25 PM

Field	Original Value	New Value
Epic Link		IGBF-2831 [ 19524 ]

Karthik Raveendran made changes - 03/Nov/22 2:25 PM

Link

This issue blocks IGBF-3196 [ IGBF-3196 ]

Karthik Raveendran made changes - 03/Nov/22 2:26 PM

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final redirection url.

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one.

Karthik Raveendran made changes - 03/Nov/22 2:27 PM

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one.

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 to

Karthik Raveendran made changes - 03/Nov/22 2:27 PM

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 to

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 (IGB data source logic cannot follow redirects)

Karthik Raveendran made changes - 03/Nov/22 2:28 PM

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 (IGB data source logic cannot follow redirects)

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 ([IGB data source logic cannot follow redirects | https://jira.bioviz.org/browse/IGBF-3196?focusedCommentId=36226&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-36226])

Karthik Raveendran made changes - 03/Nov/22 2:29 PM

Description

When the user clicks on Add Hub to IGB, the logic should follow the redirects and send IGB the final one. See IGBF-3196 (IGB data source logic cannot follow redirects [see full comment | https://jira.bioviz.org/browse/IGBF-3196?focusedCommentId=36226&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-36226])

Karthik Raveendran made changes - 03/Nov/22 3:06 PM

Link

This issue blocks ~~IGBF-3204~~ [ ~~IGBF-3204~~ ]

Nowlan Freese made changes - 03/Nov/22 4:20 PM

Sprint

Fall 6 2022 Nov 7 [ 158 ]

Fall 5 2022 Oct 24 [ 157 ]

Nowlan Freese made changes - 03/Nov/22 4:21 PM

Status

To-Do [ 10305 ]

In Progress [ 3 ]

Ann Loraine made changes - 05/Nov/22 12:59 AM

Sprint

Fall 5 2022 Oct 24 [ 157 ]

Fall 5 2022 Oct 24, Fall 6 2022 Nov 7 [ 157, 158 ]

Ann Loraine made changes - 05/Nov/22 12:59 AM

Rank

Ranked higher

Nowlan Freese made changes - 08/Nov/22 10:28 AM

Status

In Progress [ 3 ]

To-Do [ 10305 ]

Karthik Raveendran made changes - 09/Nov/22 3:52 PM

Status

To-Do [ 10305 ]

In Progress [ 3 ]

Hide

Permalink

Karthik Raveendran added a comment - 10/Nov/22 10:40 AM

Redirecting links with passwords is raising some CORS issues and the suggestions online is that the changes need to made in the servers where the links are served. Reading up on CORS to bypass the errors.

Show

Karthik Raveendran added a comment - 10/Nov/22 10:40 AM Redirecting links with passwords is raising some CORS issues and the suggestions online is that the changes need to made in the servers where the links are served. Reading up on CORS to bypass the errors.

Karthik Raveendran made changes - 15/Nov/22 9:56 AM

Status

In Progress [ 3 ]

To-Do [ 10305 ]

Ann Loraine made changes - 16/Nov/22 10:35 AM

Sprint

Fall 5 2022 Oct 24, Fall 6 2022 Nov 7 [ 157, 158 ]

Fall 5 2022 Oct 24 [ 157 ]

Ann Loraine made changes - 22/Nov/22 11:00 AM

Priority

Major [ 3 ]

Blocker [ 1 ]

Karthik Raveendran made changes - 22/Nov/22 3:39 PM

Sprint

Fall 5 2022 Oct 24 [ 157 ]

Fall 5 2022 Oct 24, Fall 7 2022 Nov 21 [ 157, 159 ]

Karthik Raveendran made changes - 22/Nov/22 3:39 PM

Status

To-Do [ 10305 ]

In Progress [ 3 ]

Hide

Permalink

Karthik Raveendran added a comment - 01/Dec/22 10:23 AM

While using the fetch API, bypassing the CORS issue seems to be possible for http://igbquickload.org/secureQuickloadTestSites/secureSiteTest but the response sent back does not have a 401 Unauthorised status. Instead the status is 0, however, the status in postman sends a 401 with a HTML body which is the correct response. Conclusion: probably because CORS headers sent in the request is incorrect or a CORS middleware issue at the server-side.

Using ajax, CORS issue persists but I was able to bypass that. The problem however is handling the datatype of the response between json and html. The response is html but that throws a CORS error when handled and json throws a unexpected token error. At one point the basic authentication modal appeared once but I was unable to replicate the same results after that.

Another problem is that after the authorization issue is resolved, handling redirection could be problematic because it depends on the response provided by the server we are hitting.

Show

Karthik Raveendran added a comment - 01/Dec/22 10:23 AM While using the fetch API, bypassing the CORS issue seems to be possible for http://igbquickload.org/secureQuickloadTestSites/secureSiteTest but the response sent back does not have a 401 Unauthorised status. Instead the status is 0, however, the status in postman sends a 401 with a HTML body which is the correct response. Conclusion: probably because CORS headers sent in the request is incorrect or a CORS middleware issue at the server-side. Using ajax, CORS issue persists but I was able to bypass that. The problem however is handling the datatype of the response between json and html. The response is html but that throws a CORS error when handled and json throws a unexpected token error. At one point the basic authentication modal appeared once but I was unable to replicate the same results after that. Another problem is that after the authorization issue is resolved, handling redirection could be problematic because it depends on the response provided by the server we are hitting.

Hide

Permalink

Ann Loraine added a comment - 01/Dec/22 10:36 AM - edited

Discussion from scrum:

We have not observed any track hubs having this problem.
Question: The track hub scheme / protocol was originally developed to enable users to connect the UCSC Genome Browser to new data that the user deploys on their host or hosts.

Upon discussion, we realized the CORS or redirection issues will never take place for the Track Hub metadata files because these are actually only read ever read by the middleware converter code. That is, the Django back end will retrieve/read the remote Track Hub metadata files and translate them into igb quickload metadata files, which IGB requests from the the middleware.

Seems like this issue is not really related to the Track Hub code itself because the "converted" quickload metadata "files" will never be password-protected or redirected because we control the middleware.

Show

Ann Loraine added a comment - 01/Dec/22 10:36 AM - edited Discussion from scrum: We have not observed any track hubs having this problem. Question: The track hub scheme / protocol was originally developed to enable users to connect the UCSC Genome Browser to new data that the user deploys on their host or hosts. Upon discussion, we realized the CORS or redirection issues will never take place for the Track Hub metadata files because these are actually only read ever read by the middleware converter code. That is, the Django back end will retrieve/read the remote Track Hub metadata files and translate them into igb quickload metadata files, which IGB requests from the the middleware. Seems like this issue is not really related to the Track Hub code itself because the "converted" quickload metadata "files" will never be password-protected or redirected because we control the middleware.

Hide

Permalink

Ann Loraine added a comment - 01/Dec/22 11:09 AM - edited

Looks like this is not a problem related to track hubs because the middleware handles (or should handle) redirections related to retrieving metadata files from track hubs and there's no way the UCSC Genome Browser will ever be able to display data or track hubs that are password-protected due to how the UCSC browser is implemented.

Just for fun, look into whether UCSC Genome Browser can display data from a password-protected track hub site (where the metadata files require password authentication) or if it can display data files that are password-protected. Check the help list for people requesting such a feature : password protection for data or metafile files.

Moving to Closed.

Show

Ann Loraine added a comment - 01/Dec/22 11:09 AM - edited Looks like this is not a problem related to track hubs because the middleware handles (or should handle) redirections related to retrieving metadata files from track hubs and there's no way the UCSC Genome Browser will ever be able to display data or track hubs that are password-protected due to how the UCSC browser is implemented. Just for fun, look into whether UCSC Genome Browser can display data from a password-protected track hub site (where the metadata files require password authentication) or if it can display data files that are password-protected. Check the help list for people requesting such a feature : password protection for data or metafile files. Moving to Closed.