{"__v":2,"_id":"57852b8287c9280e00903953","category":{"project":"55faf11ba62ba1170021a9a7","version":"55faf11ba62ba1170021a9aa","_id":"5785191af3a10c0e009b75b0","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-07-12T16:21:46.337Z","from_sync":false,"order":24,"slug":"connect-cloud-storage","title":"CONNECT CLOUD STORAGE"},"parentDoc":null,"project":"55faf11ba62ba1170021a9a7","user":"5613e4f8fdd08f2b00437620","version":{"__v":37,"_id":"55faf11ba62ba1170021a9aa","project":"55faf11ba62ba1170021a9a7","createdAt":"2015-09-17T16:58:03.490Z","releaseDate":"2015-09-17T16:58:03.490Z","categories":["55faf11ca62ba1170021a9ab","55faf8f4d0e22017005b8272","55faf91aa62ba1170021a9b5","55faf929a8a7770d00c2c0bd","55faf932a8a7770d00c2c0bf","55faf94b17b9d00d00969f47","55faf958d0e22017005b8274","55faf95fa8a7770d00c2c0c0","55faf96917b9d00d00969f48","55faf970a8a7770d00c2c0c1","55faf98c825d5f19001fa3a6","55faf99aa62ba1170021a9b8","55faf99fa62ba1170021a9b9","55faf9aa17b9d00d00969f49","55faf9b6a8a7770d00c2c0c3","55faf9bda62ba1170021a9ba","5604570090ee490d00440551","5637e8b2fbe1c50d008cb078","5649bb624fa1460d00780add","5671974d1b6b730d008b4823","5671979d60c8e70d006c9760","568e8eef70ca1f0d0035808e","56d0a2081ecc471500f1795e","56d4a0adde40c70b00823ea3","56d96b03dd90610b00270849","56fbb83d8f21c817002af880","573c811bee2b3b2200422be1","576bc92afb62dd20001cda85","5771811e27a5c20e00030dcd","5785191af3a10c0e009b75b0","57bdf84d5d48411900cd8dc0","57ff5c5dc135231700aed806","5804caf792398f0f00e77521","58458b4fba4f1c0f009692bb","586d3c287c6b5b2300c05055","58ef66d88646742f009a0216","58f5d52d7891630f00fe4e77"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-07-12T17:40:18.299Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":8,"body":"[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"On this page:\",\n  \"body\": \"* [Why can't I display the raw data of my file on the CGC?](#why)\\n* [Cross-origin resource sharing](#CORS)\\n * [How to enable CORS on your Amazon S3 buckets](#aws)\\n * [How to enable CORS on your Google Cloud Storage buckets](#gcs)\"\n}\n[/block]\n<a name=\"why\"></a>\n##Why can't I display the raw data of my file on the CGC?\n\nCloud storage providers may implement additional security measures limiting access to the contents of stored objects. This may prevent you from viewing the content of some aliases, even when the files are otherwise readable and can be used as inputs to computation.\n\nFor instance, access to Amazon S3 buckets and objects is managed entirely via Amazon's access policies in most cases. The [Volumes API](doc:volumes-v2) uses this mechanism to authenticate with Amazon when reading from and writing to your buckets.\n\nThis mechanism, however, does not always work. For instance, we receive the following error when we try to access and view the contents of an [alias](aliases) on the visual interface of the CGC in a standards-compliant Web browser.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/cSTrcTDISSpTrFzedStR_Screen%20Shot%202016-05-06%20at%207.13.36%20PM.jpeg\",\n        \"Screen Shot 2016-05-06 at 7.13.36 PM.jpeg\",\n        \"1332\",\n        \"452\",\n        \"#ececec\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\nNote that clicking **Display raw data** differs from other operations involving aliases on the CGC. When you use an alias as an input to computation, view it in the [Seven Bridges Genome Browser](seven-bridges-genome-browser), or download the alias to a local computer, you authenticate with Amazon Web Services using the credentials you used to configure your S3 bucket. \n\nHowever, when the CGCvisual interface tries to display the content of an alias in a browser window, Amazon S3 requires the Web application be hosted in the same domain as the content that it is trying to show. When this requirement is not met, the queried service (Amazon S3) will reject the incoming request even if it is otherwise valid, as shown below:\n\nThis security requirement protects websites and Web services from malicious and potentially insecure access by Web applications written, hosted, and maintained by a third party. In this case, the Amazon S3 Web service does not know or trust the CGC Web application and will not allow it access to your Amazon S3 bucket's contents even if you used the proper credentials to authenticate.\n\n<div align=\"right\"><a href=\"#top\">top</a></div>\n\n<a name=\"cors\"></a>\n##Cross-origin resource sharing\nThere is, however, a way for two Web services to state that they trust each other via <a href=\"https://en.wikipedia.org/wiki/Cross-origin_resource_sharing\" target=\"blank\">Cross-origin resource sharing (CORS)</a>.\n\nCORS is a mechanism for Web services to announce that they will listen to certain requests from Web applications not hosted on their own servers. Note that CORS merely allows the outside applications to talk to the service. It does not grant access to content. Access has to be handled through a dedicated authentication mechanism – in our case, Amazon or Google accounts and policies.\n\nTherefore, you will need to enable CORS on your [Amazon S3](#aws) or [Google Cloud Storage](#gcs) buckets if you'd like to view the contents of your aliases on the CGC visual interface.\n\n<div align=\"right\"><a href=\"#top\">top</a></div>\n\n<a name=\"aws\"></a>\n###How to enable CORS on your Amazon S3 buckets\n\nTo enable CORS on your Amazon S3 bucket, follow these steps:\n\n1. Log into the <a href=\"https://aws.amazon.com/console/\" target=\"blank\">AWS Management Console</a>.\n2. Click **Services** and select **S3**.\n3. Select your desired bucket.\n4. In the right-hand panel, click **Permissions**.\n5. Click **Edit CORS Configuration**.\n6. In the pop-up dialog, paste the following text:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?>\\n<CORSConfiguration xmlns=\\\"http://s3.amazonaws.com/doc/2006-03-01/\\\">\\n    <CORSRule>\\n        <AllowedOrigin>*</AllowedOrigin>\\n        <AllowedMethod>GET</AllowedMethod>\\n        <MaxAgeSeconds>3000</MaxAgeSeconds>\\n        <ExposeHeader>Content-Range</ExposeHeader>\\n        <ExposeHeader>Content-Length</ExposeHeader>\\n        <ExposeHeader>ETag</ExposeHeader>\\n        <AllowedHeader>Authorization</AllowedHeader>\\n        <AllowedHeader>Content-Range</AllowedHeader>\\n        <AllowedHeader>Accept</AllowedHeader>\\n        <AllowedHeader>Content-Type</AllowedHeader>\\n        <AllowedHeader>Origin</AllowedHeader>\\n        <AllowedHeader>Range</AllowedHeader>\\n    </CORSRule>\\n</CORSConfiguration>\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n7. Click **Save**.\n\nThat's it! You should now be able to view your S3 files on the CGC.\n\n<div align=\"right\"><a href=\"#top\">top</a></div>\n\n<a name=\"gcs\"></a>\n###How to enable CORS on your Google Cloud Storage buckets\n\nTo enable CORS on your Google Cloud Storage bucket, follow these steps:\n1. Create a file named sb-cors.json with the content as follows: \n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"[\\n    {\\n        \\\"origin\\\": [\\\"*\\\"],\\n        \\\"method\\\": [\\\"GET\\\"],\\n        \\\"maxAgeSeconds\\\": 3000,\\n        \\\"responseHeader\\\": [\\\"Authorization\\\", \\\"Content-Range\\\", \\\"Accept\\\", \\\"Content-Type\\\", \\\"Origin\\\", \\\"Range\\\"]\\n    }\\n]\",\n      \"language\": \"json\",\n      \"name\": \"sb-cors.json\"\n    }\n  ]\n}\n[/block]\n2. Run the following command in the command line, replacing `BUCKET-NAME` with the name of your bucket:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"gsutil cors set sb-cors.json gs://BUCKET-NAME/\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nThat's it! You should now be able to view your Google Cloud Storage files on the CGC.\n\n<div align=\"right\"><a href=\"#top\">top</a></div>","excerpt":"","slug":"enabling-cross-origin-resource-sharing-cors","type":"basic","title":"Enabling cross-origin resource sharing (CORS)"}

Enabling cross-origin resource sharing (CORS)


[block:callout] { "type": "warning", "title": "On this page:", "body": "* [Why can't I display the raw data of my file on the CGC?](#why)\n* [Cross-origin resource sharing](#CORS)\n * [How to enable CORS on your Amazon S3 buckets](#aws)\n * [How to enable CORS on your Google Cloud Storage buckets](#gcs)" } [/block] <a name="why"></a> ##Why can't I display the raw data of my file on the CGC? Cloud storage providers may implement additional security measures limiting access to the contents of stored objects. This may prevent you from viewing the content of some aliases, even when the files are otherwise readable and can be used as inputs to computation. For instance, access to Amazon S3 buckets and objects is managed entirely via Amazon's access policies in most cases. The [Volumes API](doc:volumes-v2) uses this mechanism to authenticate with Amazon when reading from and writing to your buckets. This mechanism, however, does not always work. For instance, we receive the following error when we try to access and view the contents of an [alias](aliases) on the visual interface of the CGC in a standards-compliant Web browser. [block:image] { "images": [ { "image": [ "https://files.readme.io/cSTrcTDISSpTrFzedStR_Screen%20Shot%202016-05-06%20at%207.13.36%20PM.jpeg", "Screen Shot 2016-05-06 at 7.13.36 PM.jpeg", "1332", "452", "#ececec", "" ] } ] } [/block] Note that clicking **Display raw data** differs from other operations involving aliases on the CGC. When you use an alias as an input to computation, view it in the [Seven Bridges Genome Browser](seven-bridges-genome-browser), or download the alias to a local computer, you authenticate with Amazon Web Services using the credentials you used to configure your S3 bucket. However, when the CGCvisual interface tries to display the content of an alias in a browser window, Amazon S3 requires the Web application be hosted in the same domain as the content that it is trying to show. When this requirement is not met, the queried service (Amazon S3) will reject the incoming request even if it is otherwise valid, as shown below: This security requirement protects websites and Web services from malicious and potentially insecure access by Web applications written, hosted, and maintained by a third party. In this case, the Amazon S3 Web service does not know or trust the CGC Web application and will not allow it access to your Amazon S3 bucket's contents even if you used the proper credentials to authenticate. <div align="right"><a href="#top">top</a></div> <a name="cors"></a> ##Cross-origin resource sharing There is, however, a way for two Web services to state that they trust each other via <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing" target="blank">Cross-origin resource sharing (CORS)</a>. CORS is a mechanism for Web services to announce that they will listen to certain requests from Web applications not hosted on their own servers. Note that CORS merely allows the outside applications to talk to the service. It does not grant access to content. Access has to be handled through a dedicated authentication mechanism – in our case, Amazon or Google accounts and policies. Therefore, you will need to enable CORS on your [Amazon S3](#aws) or [Google Cloud Storage](#gcs) buckets if you'd like to view the contents of your aliases on the CGC visual interface. <div align="right"><a href="#top">top</a></div> <a name="aws"></a> ###How to enable CORS on your Amazon S3 buckets To enable CORS on your Amazon S3 bucket, follow these steps: 1. Log into the <a href="https://aws.amazon.com/console/" target="blank">AWS Management Console</a>. 2. Click **Services** and select **S3**. 3. Select your desired bucket. 4. In the right-hand panel, click **Permissions**. 5. Click **Edit CORS Configuration**. 6. In the pop-up dialog, paste the following text: [block:code] { "codes": [ { "code": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<CORSConfiguration xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\">\n <CORSRule>\n <AllowedOrigin>*</AllowedOrigin>\n <AllowedMethod>GET</AllowedMethod>\n <MaxAgeSeconds>3000</MaxAgeSeconds>\n <ExposeHeader>Content-Range</ExposeHeader>\n <ExposeHeader>Content-Length</ExposeHeader>\n <ExposeHeader>ETag</ExposeHeader>\n <AllowedHeader>Authorization</AllowedHeader>\n <AllowedHeader>Content-Range</AllowedHeader>\n <AllowedHeader>Accept</AllowedHeader>\n <AllowedHeader>Content-Type</AllowedHeader>\n <AllowedHeader>Origin</AllowedHeader>\n <AllowedHeader>Range</AllowedHeader>\n </CORSRule>\n</CORSConfiguration>", "language": "text" } ] } [/block] 7. Click **Save**. That's it! You should now be able to view your S3 files on the CGC. <div align="right"><a href="#top">top</a></div> <a name="gcs"></a> ###How to enable CORS on your Google Cloud Storage buckets To enable CORS on your Google Cloud Storage bucket, follow these steps: 1. Create a file named sb-cors.json with the content as follows: [block:code] { "codes": [ { "code": "[\n {\n \"origin\": [\"*\"],\n \"method\": [\"GET\"],\n \"maxAgeSeconds\": 3000,\n \"responseHeader\": [\"Authorization\", \"Content-Range\", \"Accept\", \"Content-Type\", \"Origin\", \"Range\"]\n }\n]", "language": "json", "name": "sb-cors.json" } ] } [/block] 2. Run the following command in the command line, replacing `BUCKET-NAME` with the name of your bucket: [block:code] { "codes": [ { "code": "gsutil cors set sb-cors.json gs://BUCKET-NAME/", "language": "text" } ] } [/block] That's it! You should now be able to view your Google Cloud Storage files on the CGC. <div align="right"><a href="#top">top</a></div>