Enabling cross-origin resource sharing (CORS)


Why can't I display the raw data of my file on CAVATICA?

Cloud storage providers may implement additional security measures limiting access to the contents of stored objects. This may prevent you from viewing the content of some aliases, even when the files are otherwise readable and can be used as inputs to computation.

For instance, access to Amazon S3 buckets and objects is managed entirely via Amazon's access policies in most cases. This mechanism is used to authenticate with Amazon when reading from and writing to your buckets.

This mechanism, however, does not always work. For instance, we receive the following error when we try to access and view the contents of an alias on the visual interface of CAVATICA in a standards-compliant Web browser.


Note that clicking Display raw data differs from other operations involving aliases on CAVATICA. When you use an alias as an input to computation, view it in the Seven Bridges Genome Browser, or download the alias to a local computer, you authenticate with Amazon Web Services using the credentials you used to configure your S3 bucket.

However, when the Seven Bridges visual interface tries to display the content of an alias in a browser window, Amazon S3 requires the Web application be hosted in the same domain as the content that it is trying to show. When this requirement is not met, the queried service (Amazon S3) will reject the incoming request even if it is otherwise valid, as shown below:

This security requirement protects websites and Web services from malicious and potentially insecure access by Web applications written, hosted, and maintained by a third party. In this case, the Amazon S3 Web service does not know or trust the Seven Bridges Web application and will not allow it access to your Amazon S3 bucket's contents even if you used the proper credentials to authenticate.

Cross-origin resource sharing

There is, however, a way for two Web services to state that they trust each other via Cross-origin resource sharing (CORS).

CORS is a mechanism for Web services to announce that they will listen to certain requests from Web applications not hosted on their own servers. Note that CORS merely allows the outside applications to talk to the service. It does not grant access to content. Access has to be handled through a dedicated authentication mechanism – in our case, Amazon or Google accounts and policies.

Therefore, you will need to enable CORS on your Amazon S3 or Google Cloud Storage buckets if you'd like to view the contents of your aliases on the Seven Bridges visual interface.

How to enable CORS on your Amazon S3 buckets

To enable CORS on your Amazon S3 bucket, follow these steps:

  1. Log into the AWS Management Console.
  2. Click Services and select S3.
  3. Select your desired bucket.
  4. In the right-hand panel, click Permissions.
  5. Click Edit CORS Configuration.
  6. In the pop-up dialog, paste the following text:
[
    {
        "AllowedOrigins": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "MaxAgeSeconds": 3000,
        "ExposeHeaders": [
             "Content-Range",
             "Content-Length",
             "ETag"
        ],
        "AllowedHeaders": [
            "Authorization",
            "Content-Range",
            "Accept",
            "Content-Type",
            "Origin",
            "Range"
        ]
    }
]
  7. Click Save.

That's it! You should now be able to view your S3 files on CAVATICA.

How to enable CORS on your Google Cloud Storage buckets

To enable CORS on your Google Cloud Storage bucket, follow these steps:

  1. Create a file named sb-cors.json with the content as follows:
[
    {
        "origin": ["*"],
        "method": ["GET"],
        "maxAgeSeconds": 3000,
        "responseHeader": ["Authorization", "Content-Range", "Accept", "Content-Type", "Origin", "Range"]
    }
]
  2. Run the following command in the command line, replacing BUCKET-NAME with the name of your bucket:
gsutil cors set sb-cors.json gs://BUCKET-NAME/

That's it! You should now be able to view your Google Cloud Storage files on CAVATICA.
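
Both the S3 and the Google Cloud Storage configurations above use a wildcard origin, which lets scripts served from any website read responses to these GET requests. The following is an added example, not part of the original page or of any Seven Bridges tooling: it audits a CORS rule set in either provider's JSON format and returns a copy narrowed to a single origin. The function names are hypothetical, and https://platform.example is a placeholder for the origin from which you open the visual interface.

```python
import copy
import json

# Key names used by each provider's CORS JSON, as shown in the two configs above.
ORIGIN_KEYS = ("AllowedOrigins", "origin")      # S3, Google Cloud Storage
METHOD_KEYS = ("AllowedMethods", "method")
READ_ONLY = {"GET", "HEAD"}


def _field(rule, keys):
    """Return (key, values) for whichever provider spelling the rule uses."""
    for key in keys:
        if key in rule:
            return key, rule[key]
    return None, []


def audit(rules):
    """Return a list of (rule_index, finding) for settings worth reviewing."""
    findings = []
    for i, rule in enumerate(rules):
        _, origins = _field(rule, ORIGIN_KEYS)
        _, methods = _field(rule, METHOD_KEYS)
        if "*" in origins:
            findings.append((i, "wildcard origin: any website's scripts may read responses"))
        extra = sorted(set(m.upper() for m in methods) - READ_ONLY)
        if extra:
            findings.append((i, "non-read methods allowed: " + ", ".join(extra)))
    return findings


def restrict(rules, origin):
    """Return a copy of the rules with every origin list narrowed to `origin`."""
    tightened = copy.deepcopy(rules)
    for rule in tightened:
        key, _ = _field(rule, ORIGIN_KEYS)
        if key:
            rule[key] = [origin]
    return tightened


# Constructed samples: trimmed copies of the S3 and GCS rules from this page.
S3_RULES = json.loads('[{"AllowedOrigins": ["*"], "AllowedMethods": ["GET"], "MaxAgeSeconds": 3000}]')
GCS_RULES = json.loads('[{"origin": ["*"], "method": ["GET"], "maxAgeSeconds": 3000}]')
PLATFORM_ORIGIN = "https://platform.example"  # placeholder, not a real platform URL

if __name__ == "__main__":
    for name, rules in (("s3", S3_RULES), ("gcs", GCS_RULES)):
        print(name, audit(rules))
        print(json.dumps(restrict(rules, PLATFORM_ORIGIN), indent=4))
```

Paste the tightened JSON in place of the wildcard version only after confirming the exact origin (scheme, host and port) your browser shows for the platform.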