GitHub interactive geometry visualization - THttpServer and CORS

Hello,

I am using jsroot in combination with THttpServer to (hopefully) provide a geometry visualization service for a GitHub repository, but I am running into some very annoying issues with THttpServer cors which I am unable to fix with the available documentation (I am sure the answer is there, but its very hard to find).

I have a private (restricted to our organization) GitHub repository which hosts, among other things, some .root files which contain a TGeoManager object called Geometry. I can access the latest version of a geometry via a link such as https://github.com/organization/repository/files/experiment/Geometry.gdml.root?raw=true, which works only if your browser “knows” you have login into GitHub and have permissions. If this is the limiting factor I could host the files in some other open file server in sync with the repo. The THttpServer would have problems downloading this file.

I would like to place some links inside the README of this repo that route you to an interactive visualization of the latest geometry, as is done in the JSROOT demos, such as Read a ROOT file.

I have tried the following solutions without success:

1 - Serving the files with python simple httpserver - CORS problem (I guess http://server:8080 != http://server:8888)

http://server:8080/?nobrowser&file=http://server:8888/files/experiment/Geometry.gdml.root?raw=true&item=Geometry

2 - Serving files directly from GitHub - same CORS problem

http://server:8080/?nobrowser&file=https://github.com/organization/repository/files/experiment/Geometry.gdml.root?raw=true&item=Geometry

I guess a solution would be to use THttpServer as a file server, registering a directoy, but I am not sure how this would be done. I would like to know how this is done in the jsroot geometry examples.

I also tried to register all geometry objects to the server, but this is not a solution since you can only have a TGeoManager instance at a time.

Also it would be really nice if we could use some already available server such as https://root.cern.ch/js/latest to browser an arbitrary ROOT file by giving a link to the file (currently not possible due to cors), maybe this is a security risk, so perhaps restrict the files to friendly domains such as cernbox?.

Thanks!

@linev might help you.

Hi Luis,

Did you check remarks about CORS in JSROOT documentation?

The most easy solution for CORS problem - install JSROOT on the same web server where ROOT files are placed.

THttpServer is not necessary for such application - Apache or any other web server should be sufficient.

Regards,
Sergey

Hello,

Yes, I have read the documentation but I still cannot solve this (I have little experience with html files and such). I think I’m almost there.

If I understood correctly, if I write my own .html file referencing my local JSROOT.core.js file it should work, however, I would have to write all javascript code need to display my geometry which I would like to avoid.

I would like to use https://root.cern/js/latest/ to read the file, and as I see from a comment in the source code this is even suggested:

image1583×618 242 KB

I have made a simple http file server with python (python3 -m http.server) to serve the files and copied the .htaccess file, now the problem seems to be that I am not using https

image1168×425 29 KB

Is there a workaround to use http? otherwise I will look into how to implement https, thanks!

Hi,

You do not need to create HTML files - one still can use index.htm from JSROOT.
Just place on same web server JSROOT and ROOT files. Like make following directory structure:

• jsroot/ - for JSROOT
• files/ - for ROOT files

If server will serve these files, you can use URL http://your.server.url/jsroot/index.htm?file=../files/your_root_file.root

Most probably python ignores .htaccess files - these is apache configuration file.

Regards,
Sergey

Thanks! now I have managed to get it working! thank you very much.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.