Stream: cds hooks
Topic: Sandbox
Kevin Olbrich (Apr 24 2018 at 11:37):
What are the plans for the cds-hooks sandbox wrt the upcoming connectathon in May? I'd like to get some of our applications compatible with it so others can collaborate, but the 1.0 version of the sandbox seems to be a bit out of date (at least in the JWT handling). It looks like there is a version 2.0 of the sandbox under development with more current JWT handling, but I don't know if it has been deployed anywhere.
Kevin Shekleton (Apr 24 2018 at 18:13):
The 2.0 version of the Sandbox is at https://cds-hooks.github.io/sandbox-2.0/. @Zach Plata & I are working to get it ready in time for the Connectathon so that it is up to date with the latest spec.
Kevin Olbrich (Apr 24 2018 at 18:13):
Awesome! Thanks @Kevin Shekleton and @Zach Plata
Dave Carlson (Apr 25 2018 at 00:01):
@Kevin Shekleton I tried a quick test of the 2.0 sandbox, in prep for the connectathon. It appears that this sandbox supports only https, not http. This requires any participating CDS hook services to also support https. This may be a requirement for CDS Hooks 1.0 security? If so, would be good to communicate this requirement ahead of the connectathon. I'll need to get https enabled on my server for CDS services...
Kevin Shekleton (Apr 25 2018 at 21:29):
@Dave Carlson - It supports HTTP too. The deployment link I posted was just the default Github Pages URL which is what you get by default. Once we swap the old Sandbox with the 2.0 version, both HTTP and HTTPS will be available.
Kevin Shekleton (Apr 25 2018 at 21:30):
As an aside, you can always tell your browser to allow mixed mode connections; in other words, allow your browser to make an HTTP call from an HTTP website. This is a security risk but since the HTTP connection is to your CDS Service, it isn't a concern
Dave Carlson (Apr 25 2018 at 21:54):
Thanks, Kevin. I found the Chrome setting to allow mixed mode content, so it's working now.
Jim Cain (May 08 2018 at 17:31):
Is the Sandbox 2.0 going to support editing the cds-service configurations, as the previous version did?
Zach Plata (May 08 2018 at 20:10):
Hey @Jim Cain , are you referring to editing the CDS Service "definitions" that come back from the discovery endpoints?
Jim Cain (May 08 2018 at 20:11):
@Zach Plata Yes, in the "Configure CDS Services" window.
Zach Plata (May 08 2018 at 20:16):
This piece of functionality wasn't originally planned due to the main part of this modal just being able to delete / toggle individual services. However it is possible to add this back. Mind logging a Github issue for it? https://github.com/cds-hooks/sandbox-2.0/issues
Out of curiosity, which part(s) of the service definition did you find most useful in editing from the old Sandbox?
Jim Cain (May 08 2018 at 20:23):
Actually I hadn't previously used the old Sandbox. We were discussing the absence of the "sub" attribute in the new sandbox and thought that adding something to the request body might be a useful workaround. Then we realized we couldn't edit the service def in the new sandbox.
Jim Cain (May 08 2018 at 20:25):
It would be easier to just add a hard-coded "sub" to the JWT payload instead of enabling the editing of the service defs.
Zach Plata (May 08 2018 at 20:30):
Ah, like the sub field in the JWT for a service request. This isn't exposed (in either Sandbox). The editing feature from the old Sandbox was just a way to edit the "metadata" that comes back from pinging the service discovery endpoint. You're probably looking for a way to edit the JWT that gets sent in requests. We could look at adding an option in the Sandbox to view the JWT header and payload and edit the fields there to be sent in future service requests? @Kevin Shekleton thoughts on this?
Jim Cain (May 08 2018 at 20:31):
Yes, I'm referring to sub in the JWT payload. The 1.0 spec says that it's required, but the new sandbox does not include it.
Jim Cain (May 08 2018 at 20:31):
There is a thread on here about sub.
Kevin Shekleton (May 08 2018 at 20:38):
I think an enhancement to inspect (and change!) the JWT makes sense. I can see how someone would want to change the JWT to set bad values to ensure that their CDS Service rejects requests with bad JWTs. Inspection of the JWT would be convenient (rather than copying/pasting the value to jwt.io)
Kevin Shekleton (May 08 2018 at 20:45):
Issue logged around this JWT enhancement in the Sandbox: https://github.com/cds-hooks/sandbox-2.0/issues/32
Kevin Shekleton (May 08 2018 at 20:47):
Regarding the sub field, I had @Zach Plata hold off on it (see https://github.com/cds-hooks/sandbox-2.0/issues/20#issuecomment-384654352) but we'll add it in quick and remove it later if we decide to remove it from the spec during this ballot resolution process
Jim Cain (May 08 2018 at 20:48):
That would be great. Thanks @Kevin Shekleton
Kevin Shekleton (May 08 2018 at 20:51):
sub field issue: https://github.com/cds-hooks/sandbox-2.0/issues/33
Kevin Shekleton (May 08 2018 at 21:26):
@Jim Cain - The sub field is being populated now (thanks @Zach Plata!): https://github.com/cds-hooks/sandbox-2.0/pull/34
Jim Cain (May 08 2018 at 21:33):
Thanks @Kevin Shekleton and @Zach Plata for the quick turnaround!
Josh Mandel (Jul 29 2019 at 20:59):
Currently https://sandbox.cds-hooks.org/ is not working for me on the "Rx View" tab
app.bundle.js:28 Uncaught (in promise) TypeError: Cannot read property 'prescriptionDates' of undefined
at t.createFhirResource (app.bundle.js:28)
at Object.generateContext (app.bundle.js:95)
I'm guessing this relates to https://github.com/cds-hooks/sandbox/pull/98 -- @Jonathan Percival @Jonathan Percival are you seeing the same?
Jeremie Osaghae-Nosa (Jul 30 2019 at 14:01):
I'm getting the same issue @Josh Mandel
JP (Jul 30 2019 at 14:26):
@Josh Mandel
Looks like the merge of the pama branch wasn't correct. Here's the fix:
https://github.com/cds-hooks/sandbox/pull/106
Jeremie Osaghae-Nosa (Jul 30 2019 at 16:19):
Trying to install the cds sandbox local and getting lots of requiring peer dependencies. However, even when those are installed it is still failing. Wondering if anyone had any similar issues.
Josh Mandel (Jul 30 2019 at 23:51):
Can you share an error log?
Josh Mandel (Jul 30 2019 at 23:53):
Thanks for tracking this down @Jonathan Percival !
Christopher Stehno (Jan 08 2020 at 16:26):
Lesson learned at CMS Connectathon, if you're getting an error:
Access to XMLHttpRequest at '<your server name>' from origin 'https://sandbox.cds-hooks.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
add the following HTTP headers on the responses:
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token, Authorization
If you're not able to modify those headers in your code, you can also workaround the issue by launching Chrome with the following option:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir=$HOME\chrome
Last updated: Apr 12 2022 at 19:14 UTC
