From 33ee2430595de32a17bca05b5558ae4126066ac3 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Fri, 22 Nov 2024 17:44:03 -0500
Subject: [PATCH 01/23] First try at adding JDaviz to image explorer
---
 .../apps/jwql/templates/explore_image.html | 71 +------------------
 jwql/website/apps/jwql/views.py | 3 +
 2 files changed, 5 insertions(+), 69 deletions(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 84ca74bcc..10151b8b8 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,77 +22,10 @@

{{ file_root }}_{{ filetype }}.fits

- -
-
-
-
-
-
-
-
-
-
-
-
- Loading ... -
+
+
- - -
- - - -

Data Settings

-
-
- - -
- -
- Extension:   - {% for extension in extensions %} - {% if extension == 'SCI' %} - {{ extension }}      - {% else %} - {{ extension }}      - {% endif %} - {% endfor %} -
- -
-
- - -
-
- - -
-
-
- - -
-
-
- - -
-
- - -
-
-
-

- Apply Settings -

- -
diff --git a/jwql/website/apps/jwql/views.py b/jwql/website/apps/jwql/views.py
index 80dafba37..505f2ef26 100644
--- a/jwql/website/apps/jwql/views.py
+++ b/jwql/website/apps/jwql/views.py
@@ -924,10 +924,13 @@ def explore_image(request, inst, file_root, filetype):
 context = {'inst': inst,
 'file_root': file_root,
 'filetype': filetype,
+ 'file_path': full_fits_file,
 'extensions': extensions,
 'extension_groups': extension_groups,
 'extension_ints': extension_ints,
 'base_url': get_base_url(),
+ 'jdaviz_host': get_config()["jdaviz"]["host"],
+ 'jdaviz_port': get_config()["jdaviz"]["port"],
 'anomaly_form': anomaly_form,
 'comment_form': comment_form}
From a08fc7ab92a33a1643fb9fb910bc975bdb5d4a8b Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 13:04:22 -0500
Subject: [PATCH 02/23] Updated image template to a different frame format
---
 jwql/website/apps/jwql/templates/explore_image.html | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 10151b8b8..8f6d1e88e 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,9 +22,7 @@
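Review bot: The two new `get_config()["jdaviz"][...]` lookups in the `context` dict raise `KeyError` on any deployment whose config has no `jdaviz` section, which turns every `explore_image` request into a 500; PATCH 07 repeats the lookup at import time in `urls.py`, where a missing key would stop the URLconf from loading at all. Assuming `get_config()` returns a plain dict, read the section once and fail soft, e.g. `jdaviz_cfg = get_config().get("jdaviz", {})` and then `'jdaviz_host': jdaviz_cfg.get("host")`. Separately, `'file_path': full_fits_file` hands what looks like a server-side filesystem path to the template; the template markup is not legible in this patch, so confirm the value is not rendered into the page or into the viewer URL, since that would disclose internal paths and let the request decide which file the viewer opens. The body of `explore_image` starts and ends outside the hunk.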

{{ file_root }}_{{ filetype }}.fits

-
- -
+
From f5256e3e67060a3846df1955e876383d685fd05e Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:02:58 -0500
Subject: [PATCH 03/23] Trying safe for the iframe
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 8f6d1e88e..74f11c2a4 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +
From 7354f3314000eaf12faf84b36f2c20c34e7518ca Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:13:28 -0500
Subject: [PATCH 04/23] Trying a change to X-Frame-Options
---
 jwql/website/jwql_proj/settings.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 6568eceeb..7c15779ed 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -40,6 +40,9 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = get_config()['django_debug']
+# SECURITY WARNING: This turns the default X_FRAME_OPTIONS value/header from 'DENY' to
+# 'SAMEORIGIN', which might potentially allow clickjacking.
+X_FRAME_OPTIONS = 'SAMEORIGIN'
 ALLOWED_HOSTS = ['*']
From a2c8a7bbf064d613a0af36874e3e208fd7ffe5cf Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:15:08 -0500
Subject: [PATCH 05/23] Removed X-Frame-Options because it doesn't help with this issue, and is potentially insecure
---
 jwql/website/jwql_proj/settings.py | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 7c15779ed..1ee38d31f 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -40,10 +40,6 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = get_config()['django_debug']
-# SECURITY WARNING: This turns the default X_FRAME_OPTIONS value/header from 'DENY' to
-# 'SAMEORIGIN', which might potentially allow clickjacking.
-X_FRAME_OPTIONS = 'SAMEORIGIN'
-
 ALLOWED_HOSTS = ['*']
 # Application definition
From be1437b59024ba437b97eba07e37f80585d798b6 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:25:15 -0500
Subject: [PATCH 06/23] Trying to allow django to load this particular frame over non-https
---
 jwql/website/jwql_proj/settings.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
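Review bot: `X_FRAME_OPTIONS = 'SAMEORIGIN'` in PATCH 04 relaxes framing for every response the site serves, although only the response that is loaded inside the viewer frame needs it. Django's `django.views.decorators.clickjacking.xframe_options_sameorigin` can be applied to just that view, which keeps the `DENY` default the commit's own comment refers to in force everywhere else. The same site-wide setting returns in PATCH 09 without the warning comment and is kept in PATCH 12, so the point applies there as well.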
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 1ee38d31f..76d429243 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -162,4 +162,5 @@
 CSRF_TRUSTED_ORIGINS = ['https://jwql.stsci.edu',
 'https://jwql-test.stsci.edu',
 'https://jwql-dev.stsci.edu',
- 'https://127.0.0.1']
+ 'https://127.0.0.1',
+ 'http://dljwql.stsci.edu']
From 520bc6ea54fec5755a176732cbf7f042d477c82c Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:43:50 -0500
Subject: [PATCH 07/23] Trying reverse proxy
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 jwql/website/jwql_proj/settings.py | 1 +
 jwql/website/jwql_proj/urls.py | 8 +++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 74f11c2a4..bcc42c6c8 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@
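Review bot: The added `'http://dljwql.stsci.edu'` entry in `CSRF_TRUSTED_ORIGINS` makes a plaintext-HTTP origin trusted for unsafe requests such as POST, so content served or altered on that unencrypted origin can get cross-site requests past Django's origin check. The setting is only consulted for that check and does not decide whether a frame may load over non-HTTPS, which is what the commit subject is after, so the entry probably buys nothing here. I would drop it, or list the host as `'https://dljwql.stsci.edu'` if it genuinely has to submit forms to this site.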

{{ file_root }}_{{ filetype }}.fits

- +
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 76d429243..167dd241c 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -51,6 +51,7 @@
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
+ 'revproxy.apps.RevProxyConfig'
 ]
 MIDDLEWARE = [
diff --git a/jwql/website/jwql_proj/urls.py b/jwql/website/jwql_proj/urls.py
index e3e224260..04a5ecc0c 100644
--- a/jwql/website/jwql_proj/urls.py
+++ b/jwql/website/jwql_proj/urls.py
@@ -47,9 +47,14 @@
 """
 from django.contrib import admin
-from django.urls import include, path
+from django.urls import include, path, re_path
+from revproxy.views import ProxyView
 from ..apps.jwql import views
+from jwql.utils.utils import get_config
+
+jdaviz_host = get_config()["jdaviz"]["host"]
+jdaviz_port = get_config()["jdaviz"]["port"]
 # Define custom error page views
 handler404 = views.not_found # Page not found
@@ -60,4 +65,5 @@
 urlpatterns = [
 path('', include('jwql.website.apps.jwql.urls')),
 path('admin/', admin.site.urls),
+ path('quickview', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
 ]
From 36f6cdd3a911a77f20d0412c58d6759470ef15af Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:46:53 -0500
Subject: [PATCH 08/23] Hopefully fixing typo in setting up proxy as absolute page
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index bcc42c6c8..65912c409 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@
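Review bot: The new `quickview` entry in `urlpatterns` mounts `ProxyView` with no access-control wrapper visible in this hunk, so the Jdaviz server becomes reachable through the site by anyone who can reach the site. The upstream is also addressed as `http://`, and as far as I know django-revproxy forwards the incoming request headers, so session cookies would travel to that server in clear text unless both processes share a host. If the site's other views are protected, wrap this one the same way, and prefer a loopback-only or HTTPS upstream; a comment above the route such as `# Proxies to the internal Jdaviz server; keep behind the same auth as the image views` would record the intent.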

{{ file_root }}_{{ filetype }}.fits

- +
From ee85845e6ff55c6a7a55665505eb28ff4ce62e01 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:51:05 -0500
Subject: [PATCH 09/23] Adding X-FRAME-OPTIONS setting to allow self-embed for reverse proxy
---
 jwql/website/jwql_proj/settings.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 167dd241c..0405c20d3 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -40,6 +40,8 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = get_config()['django_debug']
+X_FRAME_OPTIONS = "SAMEORIGIN"
+
 ALLOWED_HOSTS = ['*']
 # Application definition
From 9bcd5fd1e24be8d0a5515dc2c28e46806829126f Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 15:53:24 -0500
Subject: [PATCH 10/23] Turned the quicklook into a regular expression path because the reverse proxy requires it
---
 jwql/website/jwql_proj/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/jwql_proj/urls.py b/jwql/website/jwql_proj/urls.py
index 04a5ecc0c..8bb111915 100644
--- a/jwql/website/jwql_proj/urls.py
+++ b/jwql/website/jwql_proj/urls.py
@@ -65,5 +65,5 @@
 urlpatterns = [
 path('', include('jwql.website.apps.jwql.urls')),
 path('admin/', admin.site.urls),
- path('quickview', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
+ re_path(r'(?Pquickview)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
 ]
From 5bd807f9bb31b5936fa84c4341994326b17a84a7 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 16:39:20 -0500
Subject: [PATCH 11/23] Try to make the path bare to avoid route conflict issues
---
 jwql/website/jwql_proj/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/jwql_proj/urls.py b/jwql/website/jwql_proj/urls.py
index 8bb111915..2e644fbbd 100644
--- a/jwql/website/jwql_proj/urls.py
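Review bot: The `re_path` pattern that PATCH 10 puts in place of `path('quickview', …)` is unanchored, and Django applies a pattern without a trailing `$` using a search, so any URL that merely contains `quickview` and was not claimed by an earlier route is handed to the proxy. Anchor it at the start, for example `re_path(r'^(?P<path>quickview.*)$', …)` for the form the series ends up with; the group name is not legible in this rendering of the patch, and `path` is the keyword django-revproxy's `ProxyView` expects. PATCH 11 and PATCH 14 rewrite the pattern but leave it unanchored, so the same applies to both.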
+++ b/jwql/website/jwql_proj/urls.py
@@ -65,5 +65,5 @@
 urlpatterns = [
 path('', include('jwql.website.apps.jwql.urls')),
 path('admin/', admin.site.urls),
- re_path(r'(?Pquickview)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
+ re_path(r'quickview(?P.*)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
 ]
From a2935ea39db966613251938949a9116b117215a6 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 18:34:34 -0500
Subject: [PATCH 12/23] Updating policies for django
---
 jwql/website/jwql_proj/settings.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/jwql/website/jwql_proj/settings.py b/jwql/website/jwql_proj/settings.py
index 0405c20d3..bac81cd08 100644
--- a/jwql/website/jwql_proj/settings.py
+++ b/jwql/website/jwql_proj/settings.py
@@ -40,7 +40,10 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = get_config()['django_debug']
+# Security settings to allow Jdaviz quicklook
+# Might well be avoidable if the Jdaviz Solara server were behind an SSH reverse proxy.
 X_FRAME_OPTIONS = "SAMEORIGIN"
+SECURE_CONTENT_TYPE_NOSNIFF = False
 ALLOWED_HOSTS = ['*']
From 93c7dd0a760f52d0f4a485410c2fe35743520fc5 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 25 Nov 2024 18:45:00 -0500
Subject: [PATCH 13/23] Trying adding a forwarded header to solara
---
 jwql/website/jwql_proj/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/jwql_proj/urls.py b/jwql/website/jwql_proj/urls.py
index 2e644fbbd..50bd60a11 100644
--- a/jwql/website/jwql_proj/urls.py
+++ b/jwql/website/jwql_proj/urls.py
@@ -65,5 +65,5 @@
 urlpatterns = [
 path('', include('jwql.website.apps.jwql.urls')),
 path('admin/', admin.site.urls),
- re_path(r'quickview(?P.*)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}'))
+ re_path(r'quickview(?P.*)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}', add_x_forwarded=True))
 ]
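Review bot: `SECURE_CONTENT_TYPE_NOSNIFF = False` in PATCH 12 removes the `X-Content-Type-Options: nosniff` header from every response, not just the proxied viewer, so browsers may guess content types across the whole site. If the viewer only works without nosniff, the likelier cause is an upstream asset served with the wrong `Content-Type`, which is better corrected on the Jdaviz side or in the proxy than by weakening the global default. At minimum the comment above the setting should name what needed it and mark it temporary, e.g. `# TODO: restore nosniff once the proxied Jdaviz assets send a correct Content-Type`.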
From e21f17d42a51dbdabff927860ccb9be486a72a5f Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Tue, 26 Nov 2024 09:01:10 -0500
Subject: [PATCH 14/23] Trying doing quickview as an explicit path
---
 jwql/website/jwql_proj/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/jwql_proj/urls.py b/jwql/website/jwql_proj/urls.py
index 50bd60a11..53929063f 100644
--- a/jwql/website/jwql_proj/urls.py
+++ b/jwql/website/jwql_proj/urls.py
@@ -65,5 +65,5 @@
 urlpatterns = [
 path('', include('jwql.website.apps.jwql.urls')),
 path('admin/', admin.site.urls),
- re_path(r'quickview(?P.*)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}', add_x_forwarded=True))
+ re_path(r'(?Pquickview.*)', ProxyView.as_view(upstream=f'http://{jdaviz_host}:{jdaviz_port}', add_x_forwarded=True))
 ]
From b3923e539e4e1482401d6398c246ef2adf5778bf Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Tue, 26 Nov 2024 09:52:49 -0500
Subject: [PATCH 15/23] Increasing size of iframe
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 65912c409..8543a32e2 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +
From f258e0a9fa596764cbe01118b502b0172ab32efc Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Wed, 27 Nov 2024 14:05:22 -0500
Subject: [PATCH 16/23] First attempt at image exploration with jdaviz nginx
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 8543a32e2..0455d37b6 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +
From e037942c4c8a708347767860b0c2e407ee6c0eca Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Wed, 27 Nov 2024 17:48:55 -0500
Subject: [PATCH 17/23] Trying another way to populate the frame
---
 .../apps/jwql/templates/explore_image.html | 23 ++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 0455d37b6..7ad0da868 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +
@@ -64,5 +64,26 @@
Comments
+ {% endblock %} From 55bafe39f6af3cac4dd3eb0d87ffb37385e86740 Mon Sep 17 00:00:00 2001 From: "york@stsci.edu" Date: Wed, 27 Nov 2024 17:51:48 -0500 Subject: [PATCH 18/23] Trying https version --- jwql/website/apps/jwql/templates/explore_image.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html index 7ad0da868..15756ccab 100644 --- a/jwql/website/apps/jwql/templates/explore_image.html +++ b/jwql/website/apps/jwql/templates/explore_image.html @@ -67,10 +67,10 @@
Comments
- {% endblock %} From 8cd25fb68de69e107fe8e411a35073e00fe63cfd Mon Sep 17 00:00:00 2001 From: "york@stsci.edu" Date: Sat, 30 Nov 2024 10:25:45 -0500 Subject: [PATCH 22/23] Updated proxy --- jwql/website/apps/jwql/templates/explore_image.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html index d32090840..6b5ee05cb 100644 --- a/jwql/website/apps/jwql/templates/explore_image.html +++ b/jwql/website/apps/jwql/templates/explore_image.html @@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +
From 524ccc6b0b46bcec9023808cdc91b22266fe7b74 Mon Sep 17 00:00:00 2001
From: "york@stsci.edu"
Date: Mon, 9 Dec 2024 17:54:47 -0500
Subject: [PATCH 23/23] Removed double-jdaviz URL
---
 jwql/website/apps/jwql/templates/explore_image.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwql/website/apps/jwql/templates/explore_image.html b/jwql/website/apps/jwql/templates/explore_image.html
index 6b5ee05cb..d32090840 100644
--- a/jwql/website/apps/jwql/templates/explore_image.html
+++ b/jwql/website/apps/jwql/templates/explore_image.html
@@ -22,7 +22,7 @@

{{ file_root }}_{{ filetype }}.fits

- +