No Authentication token for some requests produced by Html5 Report Viewer

5 posts, 0 answers
  1. Aleksandar
    8 posts
    Member since:
    Nov 2015

    Posted 01 Dec 2016

    Hi. 

    We use Html5 Report Viewer and set the authentication token through its property authenticationToken.

    Everything works fine except that viewer generates a request without the token.

    Here is the url:

    http://localhost:59815/api/reports/clients/173901-cdb6/instances/173902-9976/documents/173902-d1da173902-1f2a/resources/expand.png/

    And headers:

    GET http://localhost:59815/api/reports/clients/173901-cdb6/instances/173902-9976/documents/173902-d1da173902-1f2a/resources/expand.png/ HTTP/1.1
    Host: localhost:59815
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
    Accept: image/webp,image/*,*/*;q=0.8
    Referer: http://localhost:59815/
    Accept-Encoding: gzip, deflate, sdch, br
    Accept-Language: en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4

  2. Stef
    Admin
    3610 posts

    Posted 05 Dec 2016

    Hello Aleksandar,

    Image resources can be obtained without authorization.

    In general, the report is processed and rendered in HTML on the server, and the Reporting REST service delivers the HTML in the HTML5 Viewer. IMG elements in the HTML perform get requests to load the images.


    If you want to check what resources are requested on the server, you can override the ReportsControllerBase.GetResource(String,String,String,String) method.

    Regards,
    Stef
    Telerik by Progress
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
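The distinction drawn in the answer above (image resources are served anonymously, other REST calls carry the token) can be checked against captured traffic. The following is an added example, not code from the thread or from Telerik; it assumes the token travels in an `Authorization` header and infers the resource route shape from the single URL quoted in the question.

```javascript
// Added example: audit captured requests to the Reporting REST service.
// Assumption: the resource route shape is inferred from the one URL quoted in the thread.
const RESOURCE_ROUTE =
  /^\/api\/reports\/clients\/[^/]+\/instances\/[^/]+\/documents\/[^/]+\/resources\/[^/]+\/?$/;

// Parse one raw HTTP/1.1 request head (request line plus header lines).
function parseRequest(raw) {
  const lines = raw.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);
  const [method, target] = lines[0].split(/\s+/);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).toLowerCase()] = line.slice(i + 1).trim();
  }
  // The target may be absolute-form (as in the thread's capture) or origin-form.
  const path = new URL(target, "http://placeholder.invalid").pathname;
  return { method, path, headers };
}

// "authenticated": token present.
// "anonymous-resource": tokenless GET of a rendered-report resource (expected for <img> loads).
// "missing-token": any other tokenless request, worth investigating.
function classify(raw) {
  const { method, path, headers } = parseRequest(raw);
  if (headers.authorization) return "authenticated";
  if (method === "GET" && RESOURCE_ROUTE.test(path)) return "anonymous-resource";
  return "missing-token";
}

// Constructed samples: IDs, non-resource paths and the token are placeholders, not from the thread.
const SAMPLES = [
  "GET http://localhost:59815/api/reports/clients/c1/instances/i1/documents/d1/resources/expand.png/ HTTP/1.1\nHost: localhost:59815\nAccept: image/webp,image/*,*/*;q=0.8",
  "GET /api/reports/clients/c1/instances/i1/documents/d1/info HTTP/1.1\nHost: localhost:59815\nAuthorization: Bearer PLACEHOLDER_TOKEN",
  "POST /api/reports/clients/c1/instances HTTP/1.1\nHost: localhost:59815\nContent-Type: application/json",
];

function audit(samples) {
  return samples.map(classify);
}

console.log(audit(SAMPLES));
```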
  3. Kasun
    22 posts
    Member since:
    Oct 2016

    Posted 25 Apr 2018

    Hi Stef, 

    I have a question on this. I have a "$.ajaxSetup" function in the report viewer UI code and it will set all our security headers on "beforeSend" of all the ajax calls. But this particular image call does not go through the usual ajax call route.

    Is there a reason for that? Is it being called by something else other than ajax?

    I just want to set our security headers on all the ajax calls going from the UI to reporting server REST service.

  4. Kasun
    22 posts
    Member since:
    Oct 2016

    Posted 25 Apr 2018

    Hi Stef, 

    Is there a way to set custom headers to these image resource calls? I have a "$.ajaxSetup" and its "beforeSend" sets my headers to all the ajax calls going out. 

    But these calls don't go through it. 

  5. Ivan Hristov
    Admin
    198 posts

    Posted 01 May 2018

    Hi Kasun,

    I believe you are referring to the expand/collapse handlers that trigger the toggle visibility actions on a report. Since they represent a static image, which is not bound to data, their retrieval is handled by the browser with a simple HTTP request. No specific ajax calls are performed, because these elements are just images with a src that points to a server-side resource. Discussions about the same subject can be followed here and here - they could give you more details on the subject.

    We'll also be glad if we can have some information about the current project and why it is required to have custom headers set on <img> elements upon retrieval. This discussion can be continued in a new support ticket if a publicly visible forum thread is inappropriate.

    Regards,
    Ivan Hristov
    Progress Telerik