seqviz icon indicating copy to clipboard operation
seqviz copied to clipboard

Published 20 hours ago verified publisher icon Lattice-Automation

Help iGEM fix their web server

Open guzmanvig opened this issue 4 years ago • 4 comments

When using a BioBrick id, the request to get the part is blocked by CORS policy, and therefore nothing shows. There was a fix in place using a proxy but was undone in the latest commit.

guzmanvig avatar Jun 03 '21 21:06 guzmanvig

I undid this because I was using some weird proxy to enable CORS requests to the igem repo: https://github.com/Lattice-Automation/seqviz/commit/f750ece7e6bb1288cc16d7a515ba3b01ac646a3e#diff-aa5fd89899a2687dec52e1359ab9c8573e33f7b89228878c49307a5ed2124b0c

The proxy is now opt-in (but was always a hack, shouldn't have been there)

The proxy service wasn't magic, it was another service that someone configured the HTTP headers/request correctly where I was not: https://github.com/Rob--W/cors-anywhere

TODO here is fix the request so we have our GETs configured the way cors-anywhere used to: https://github.com/Lattice-Automation/seqviz/blob/develop/src/io/externalToPart.js#L30-L32

jjti avatar Jun 16 '21 00:06 jjti

https://gist.github.com/jimmywarting/ac1be6ea0297c16c477e17f8fbe51347

jjti avatar Jul 24 '22 21:07 jjti

the real fix is to communicate to iGEM how this should be fixed. But I tried that like 7 years ago to no success

jjti avatar Jul 24 '22 21:07 jjti

Request sent to [email protected]

Hello!

My name is Joshua Timmons, and I'm a software engineer maintaining a sequence viewer library here: https://github.com/Lattice-Automation/seqviz

It's for rendering sequences. It has a feature where users pass an accession ID, and it fetches that part from the iGEM registry. I was doing that for a while via a CORS proxy that set the Host header on the request to circumvent the iGEM registry disallowing CORS requests. That proxy has shut down, and we can no longer query parts from the iGEM registry.

My hope and request here is for you to enable cross-origin requests on the registry's Apache web server via this setting: https://enable-cors.org/server_apache.html (I see it's Apache).

Reasons to do this:

  • It will let web-based applications reference parts from the iGEM registry. Currently, the registry's parts are not accessible via any browser-based applications. This includes sequence viewers like the one linked above but also covers any client-side application that wants to reference parts in the registry
  • The registry is less useful to external applications if they cannot query parts from the registry without spoofing the Host. It should be possible and easy for folks to develop applications that reference parts within the registry
  • CORS isn't a security mechanism and iGEM isn't protecting anything by disallowing CORS requests. Users can and do (via CORS proxies) make requests against the registry with a fake Host header
  • Comparable registries like NCBI allow cross-origin requests

I am happy to talk more about this or help implement this. I believe it will help many downstream users of the iGEM registry.

With thanks, Josh

jjti avatar Jul 24 '22 22:07 jjti

iGEM has not and won't prioritize this

jjti avatar Mar 11 '23 16:03 jjti