Picture source requiring bearer token

Inherited a case where we have a picture source that is set to a GET call to retrieve a dynamic image.

The new version requires authentication/authorization to make the call which now fails as shown in the console log.

All of our “other” API calls use jquery and manage supplying the correct info.

Does GoJS offer any hooks to provide this or any idea how this could be solved relatively simply. BTW we are still on 1.7.27.


Is this a CORS problem? You don’t provide any details about the error.
If so, have you set Picture | GoJS API ?
Please read GoJS Pictures -- Northwoods Software

No it is not a CORS issue, it is an authorization issue, since the resource is protected

where the source is set to:
https://xxx.example.com/diagram/services/diagrams/rest/structure/getDecoratorImage?diagramID=L297&nodeID=L301&decoratorID=_wXCOMiNPTqSf3WBi4xUD6g which points to a REST API that returns an image, but the API is a protected resource.

And the diagram code is simply a picture binding:

Yes, and how is authorization done? With a cookie? If this worked before, what has changed?

If your page has an <img> element whose src is that URI, does it load the image properly?

how is authorization done? With a cookie?
access token and cookie.

If this worked before, what has changed?
it worked when this was deployed in a desktop app with a local web server, so no authorization at the time.

If your page has an element whose src is that URI, does it load the image properly?
I don’t have that, but I would say that it won’t since the resource is protected. When we switched to a web environment, all of our API requests are handled via a hook on jquery ajax send to provide the appropriate credentials, hence why I was asking if such a hook is available from GoJS to intercept the call.

I still don’t know enough about your situation to say. You don’t have a problem specifying the URI, do you?

The Picture.source string is passed to an HTMLImageElement as its src property. That Img element is cached and shared by all Pictures that use that Picture.source value. Normally when an Img element does a GET request it will send the appropriate cookie(s), if available.

I do recommend that you make sure you get everything working when you use an HTMLImageElement on the page. In other words, make sure everything works outside of (independent of) your diagram.

Thanks for the help. Found a possible solution here using service workers, but realized that a similar issue had been addressed already before with an unprotected API endpoint for other images.