Hi all,

Posting this in case it helps anyone using BIIGLE remote locations with files served through nginx from THREDDS, Apache, Tomcat, NAS web servers, or other institutional file servers.

If image URLs open directly in a browser, but BIIGLE shows broken images or 403 Forbidden, this may be relevant.

I ran into exactly that issue using BIIGLE remote locations with files served from a THREDDS server behind nginx.

Setup

BIIGLE volume files were hosted at URLs like:

https://example.org/thredds/fileServer/biigle_dataset/image001.jpg

nginx added the expected CORS header:

Access-Control-Allow-Origin: https://biigle.de

and direct requests in browser / curl worked.

Problem

Inside BIIGLE, images returned:

403 Forbidden

But only when loaded cross-site from BIIGLE.

After testing, the difference was that BIIGLE/browser requests include:

Origin: https://biigle.de
Referer: https://biigle.de/

Those headers were being proxied upstream to THREDDS, which rejected the request.

Solution

Strip Origin and Referer in nginx for the BIIGLE public file path, and let nginx handle CORS itself.

location ^~ /thredds/fileServer/biigle_dataset/ {

    add_header Access-Control-Allow-Origin "https://biigle.de" always;
    add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS" always;
    add_header Access-Control-Allow-Headers "Range, Content-Type" always;
    add_header Access-Control-Expose-Headers "Accept-Ranges, Content-Range, Content-Length" always;

    if ($request_method = OPTIONS) {
        return 204;
    }

    proxy_pass http://some_thredds_service;

    proxy_set_header Origin "";
    proxy_set_header Referer "";
}

Result

BIIGLE remote images now load correctly.

In case it helps others

If remote files work directly in browser/curl but fail only inside BIIGLE with 403, check whether your upstream server is rejecting forwarded Origin or Referer headers.