-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1908 : HtsgetReader should not send HTSGet ticket server headers in data server requests #1909
1908 : HtsgetReader should not send HTSGet ticket server headers in data server requests #1909
Conversation
…y set data url headers for htsget options
It does look like your change conforms to the spec, however I am not in a position to review this change or any htsget related issue. @brainstorm I'm not sure if you use igv.js there, but do you have any comments on this? With this change the Authorization: bearer token will not be included in the data fetch requests unless it was returned in the headers property of the initial response. From reviewing the code, the IGV desktop implementation DOES NOT behave this way. Given how old this code is either (1) everyone is returning the authoriziation bearer headers in the response json, so the fact we are adding it is a no-op, or (2) servers that IGV has been accessing are non-conforming in this regard. |
@andaca Is there an up to date Htsget server that can be used for reference / testing against? It's very hard to maintain Htsget code without a server implementation. I'm not clear on who is using Htsget in the wild. Are you hosting your own files or accessing them from some where else? It's been very hard to tell how active / in demand it is. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be just
const options = {headers: urlData.headers || {})
@jrobinso @andaca @lbergelson A public htsget-rs instance is being deployed very soon (including support for Crypt4GH) in a GA4GH official and public domain, administered by them. Meanwhile, can I interest you in deploying our server locally if you need to test/implement anything htsget client related?: https://github.com/umccr/htsget-rs Happy to help with any troubleshooting, we hope that the docs are clear enough too? We'll fix them presto if not! Public htsget instance announcement aside, I'll now look at this particular issue/question/code and answer in a separate message here, just wanted to get the server support question out of the way fast. /cc @mmalenic |
@brainstorm I think this PR is correct wrt the spec, but not all servers out there are spec-compliant. I'm just running it by you to see if you anticipate any issues at UMCCR. The main effect will be Authorization bearer tokens will not be passed unless the server response to the call to get the "tickets" return them. I'm hesitant to change things that have been working for years untouched. |
Revising the changes and discussing with my colleage @mmalenic, this change would not affect our implementation since:
So I'd say go ahead and merge @jrobinso, although before doing so, I'd like to know what @andaca is testing those changes against? |
Seconding this, yes, this behaviour should be correct spec-wise. This shouldn't be an issue for htsget-rs/UMCCR. |
Thanks for the quick responses :) I stumbled across the defect and tested against a private HTSGet implementation (I'm at Genomics England), but will gladly check out / verify with @brainstorm's implementation (nice one and congrats on the public go-live btw!), though I might not get around to it until next week. Interestingly, seeing mention of pre-signed URLs - it was actually adding S3 presigned URLs to our internal implementation that highlighted this issue; when including an
|
Public htsget+Crypt4GH GA4GH instance up and running, some usage instructions at: https://umccr.org/blog/htsget-rs-crypt4gh/ Pinging potentially interested third parties w.r.t htsget (those raising issues and/or interest in the protocol, server and clients): @antonioaltamura @jmgenomics @alberto1189 @RoadRoller @jimmyhli @oyvinev @GrishaH @mbookman |
Fixes #1908 : HtsgetReader should not send HTSGet ticket server headers in data server requests
HtsgetReader should not include ticket server config / headers in requests to the data server. See issue #1908 for further details.