JASMIN Help Site logo JASMIN Help Site logo
  • Docs 
  • Guides 
  • Training 
  • Discussions   
    •   Search this site  

Can't find what you're looking for?

Try our Google custom search, across all JASMIN sites

Docs
    • get started with jasmin
    • generate ssh key pair
    • get jasmin portal account
    • get login account
    • beginners training workshop
    • how to contact us about jasmin issues
    • jasmin status
    • jasmin training accounts
    • tips for new users
    • how to login
    • multiple account types
    • present ssh key
    • reconfirm email address
    • reset jasmin account password
    • ssh auth
    • storage
    • understanding new jasmin storage
    • update a jasmin account
    • interactive computing overview
    • check network details
    • login servers
    • login problems
    • graphical linux desktop access using nx
    • nx update nov24
    • sci servers
    • tenancy sci analysis vms
    • transfer servers
    • jasmin notebooks service
    • creating a virtual environment in the notebooks service
    • project specific servers
    • dask gateway
    • access from vscode
    • lotus overview
    • slurm scheduler overview
    • slurm queues
    • lotus cluster specification
    • how to monitor slurm jobs
    • how to submit a job
    • how to submit an mpi parallel job
    • example job 2 calc md5s
    • orchid gpu cluster
    • slurm status
    • slurm quick reference
    • software overview
    • quickstart software envs
    • python virtual environments
    • additional software
    • community software esmvaltool
    • community software checksit
    • conda environments and python virtual environments
    • Creating and using miniforge environments
    • idl
    • jasmin sci software environment
    • jasmin software faqs
    • jaspy envs
    • matplotlib
    • nag library
    • name dispersion model
    • geocat replaces ncl
    • postgres databases on request
    • running python on jasmin
    • running r on jasmin
    • rocky9 migration 2024
    • software migration 2020
    • share software envs
    • data transfer overview
    • data transfer tools
    • globus transfers with jasmin
    • bbcp
    • ftp and lftp
    • globus command line interface
    • globus connect personal
    • gridftp cert based auth
    • gridftp ssh auth
    • rclone
    • rsync scp sftp
    • hpxfer access role
    • scheduling automating transfers
    • transfers from archer2
    • apply for access to a gws
    • elastic tape command line interface hints
    • faqs storage
    • gws etiquette
    • gws scanner ui
    • gws scanner
    • gws alert system
    • install xfc client
    • xfc
    • introduction to group workspaces
    • jdma
    • managing a gws
    • secondary copy using elastic tape
    • share gws data on jasmin
    • share gws data via http
    • using the jasmin object store
    • configuring cors for object storage
    • ceda archive
    • external access to mass faq
    • how to apply for mass access
    • moose the mass client user guide
    • setting up your jasmin account for access to mass
    • introduction to the jasmin cloud
    • jasmin cloud portal
    • cluster as a service
    • cluster as a service kubernetes
    • cluster as a service identity manager
    • cluster as a service slurm
    • cluster as a service pangeo
    • cluster as a service shared storage
    • adding and removing ssh keys from an external cloud vm
    • provisioning tenancy sci vm managed cloud
    • sysadmin guidance external cloud
    • best practice
    • rose cylc on jasmin
    • using cron
    • mobaxterm
    • requesting resources
    • processing requests for resources
    • acknowledging jasmin
    • approving requests for access
    • working with many linux groups
    • jasmin conditions of use
    • get started with jasmin
    • generate ssh key pair
    • get jasmin portal account
    • get login account
    • beginners training workshop
    • how to contact us about jasmin issues
    • jasmin status
    • jasmin training accounts
    • tips for new users
    • how to login
    • multiple account types
    • present ssh key
    • reconfirm email address
    • reset jasmin account password
    • ssh auth
    • storage
    • understanding new jasmin storage
    • update a jasmin account
    • interactive computing overview
    • check network details
    • login servers
    • login problems
    • graphical linux desktop access using nx
    • nx update nov24
    • sci servers
    • tenancy sci analysis vms
    • transfer servers
    • jasmin notebooks service
    • creating a virtual environment in the notebooks service
    • project specific servers
    • dask gateway
    • access from vscode
    • lotus overview
    • slurm scheduler overview
    • slurm queues
    • lotus cluster specification
    • how to monitor slurm jobs
    • how to submit a job
    • how to submit an mpi parallel job
    • example job 2 calc md5s
    • orchid gpu cluster
    • slurm status
    • slurm quick reference
    • software overview
    • quickstart software envs
    • python virtual environments
    • additional software
    • community software esmvaltool
    • community software checksit
    • conda environments and python virtual environments
    • Creating and using miniforge environments
    • idl
    • jasmin sci software environment
    • jasmin software faqs
    • jaspy envs
    • matplotlib
    • nag library
    • name dispersion model
    • geocat replaces ncl
    • postgres databases on request
    • running python on jasmin
    • running r on jasmin
    • rocky9 migration 2024
    • software migration 2020
    • share software envs
    • data transfer overview
    • data transfer tools
    • globus transfers with jasmin
    • bbcp
    • ftp and lftp
    • globus command line interface
    • globus connect personal
    • gridftp cert based auth
    • gridftp ssh auth
    • rclone
    • rsync scp sftp
    • hpxfer access role
    • scheduling automating transfers
    • transfers from archer2
    • apply for access to a gws
    • elastic tape command line interface hints
    • faqs storage
    • gws etiquette
    • gws scanner ui
    • gws scanner
    • gws alert system
    • install xfc client
    • xfc
    • introduction to group workspaces
    • jdma
    • managing a gws
    • secondary copy using elastic tape
    • share gws data on jasmin
    • share gws data via http
    • using the jasmin object store
    • configuring cors for object storage
    • ceda archive
    • external access to mass faq
    • how to apply for mass access
    • moose the mass client user guide
    • setting up your jasmin account for access to mass
    • introduction to the jasmin cloud
    • jasmin cloud portal
    • cluster as a service
    • cluster as a service kubernetes
    • cluster as a service identity manager
    • cluster as a service slurm
    • cluster as a service pangeo
    • cluster as a service shared storage
    • adding and removing ssh keys from an external cloud vm
    • provisioning tenancy sci vm managed cloud
    • sysadmin guidance external cloud
    • best practice
    • rose cylc on jasmin
    • using cron
    • mobaxterm
    • requesting resources
    • processing requests for resources
    • acknowledging jasmin
    • approving requests for access
    • working with many linux groups
    • jasmin conditions of use
  1. Home
  2. Docs
  3. Short term project storage
  4. Configuring CORS for object storage

Configuring CORS for object storage

 

Share via
JASMIN Help Site
Link copied to clipboard

Confguring cross-origin resource sharing (CORS) for object storage.

On this page
  • Introduction
  • S3 CORS configuration
  • Prerequisites
  • CORS XML Configuration File
  • Applying CORS Settings to a Bucket

Introduction  

This article describes how to configure Cross-Origin Resource Sharing (CORS) on a JASMIN Caringo S3 object store.

S3 CORS configuration  

JASMIN’s DataCore (previously Caringo) S3 object storage allows domain owners to configure Cross-Origin Resource Sharing (CORS) at bucket level. This article assumes you have read the this help article which introduces the object store and the use of the s3cmd command line tool.

Prerequisites  

You will need a valid S3 Token ID and Secret Key for the domain that you wish to modify.

e.g.

key will not be displayed again!
Token ID: <The Token for your Domain>
S3 Secret Key: <The Secret for your Domain>
Expiration Date: 2024-02-13
Owner: <Your JASMIN ID>
Description: test
See using s3cmd for instructions on generating these.

CORS XML Configuration File  

CORS configuration is set on the S3 bucket using an XML file format, as shown below:

<CORSConfiguration>
   <CORSRule>
      <AllowedOrigin>http://www.example1.com</AllowedOrigin>
      <AllowedMethod>PUT</AllowedMethod>
      <AllowedMethod>POST</AllowedMethod>
      <AllowedMethod>DELETE</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
   </CORSRule>
   <CORSRule>
      <AllowedOrigin>http://www.example2.com</AllowedOrigin>
      <AllowedMethod>PUT</AllowedMethod>
      <AllowedMethod>POST</AllowedMethod>
      <AllowedMethod>DELETE</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
   </CORSRule>
   <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
   </CORSRule>
</CORSConfiguration>

The above example shows a configuration which allows CORS access from external web sites www.example1.com  and www.example2.com  .

You can create a new file on your filesystem to store your CORS configuration using the above example as a reference. In the next step, you’ll learn how to apply this file to your bucket.

Applying CORS Settings to a Bucket  

To apply the CORS XML file you’ve created, you can use any S3 compatible client to set the CORS configuration.

The following example uses s3cmd on a Linux system.

First confirm that your s3cmd settings are correct by showing the info of the bucket.

e.g.

s3cmd info s3://testbin1
s3://testbin1/ (bucket):
   Location:  objectstore4.jc.rl.ac.uk
   Payer:     none
   Expiration Rule: none
   Policy:    {
                "Version":"2008-10-17",
                "Id":"testbin1 Policy",
                "Statement": [
                  {
                    "Sid":"1: Full access for Users",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["*"],
                    "Resource":"*"
                  },
                  {
                    "Sid":"2: Read-only access for Everyone",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["GetObject","GetBucketCORS"],
                    "Resource":"*"
                  }
                ]
              }
   CORS:      none
   ACL:       ahuggan: FULL_CONTROL

This example shows a bucket which currently doesn’t have a CORS policy set. Specifically, this is the section we’re interested in:

   CORS:      none

In this example, we’ll set a simple “allow all” CORS configuration. We’ve already created a file named test-cors-file which we will be uploading to the bucket:

<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>

Using the s3cmd command, we apply the CORS XML file to our S3 bucket:

s3cmd setcors test-cors-file s3://testbin1

(your S3 address will be different to the one shown here)

We can now run the info command to confirm that the CORS configuration from our file has been set on the bucket:

s3cmd info s3://testbin1
s3://testbin1/ (bucket):
   Location:  objectstore4.jc.rl.ac.uk
   Payer:     none
   Expiration Rule: none
   Policy:    {
                "Version":"2008-10-17",
                "Id":"testbin1 Policy",
                "Statement": [
                  {
                    "Sid":"1: Full access for Users",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["*"],
                    "Resource":"*"
                  },
                  {
                    "Sid":"2: Read-only access for Everyone",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["GetObject","GetBucketCORS"],
                    "Resource":"*"
                  }
                ]
              }
   CORS:      <CORSConfiguration>
                <CORSRule>
                  <AllowedOrigin>*</AllowedOrigin>
                  <AllowedMethod>HEAD</AllowedMethod>
                  <AllowedMethod>GET</AllowedMethod>
                  <AllowedHeader>*</AllowedHeader>
                </CORSRule>
              </CORSConfiguration>
   ACL:       ahuggan: FULL_CONTROL

To delete the CORS config from the bucket, we can run the following command:

s3cmd delcors s3://testbin1
s3://testbin1/: CORS deleted
Last updated on 2024-03-22 as part of:  added cors article (6e586dbdc)
On this page:
  • Introduction
  • S3 CORS configuration
  • Prerequisites
  • CORS XML Configuration File
  • Applying CORS Settings to a Bucket
Follow us

Social media & development

     

Useful links

  • CEDA Archive 
  • CEDA Catalogue 
  • JASMIN 
  • JASMIN Accounts Portal 
  • JASMIN Projects Portal 
  • JASMIN Cloud Portal 
  • JASMIN Notebooks Service 
  • JASMIN Community Discussions 

Contact us

  • Helpdesk
UKRI/STFC logo
UKRI/NERC logo
NCAS logo
NCEO logo
Accessibility | Terms and Conditions | Privacy and Cookies
Copyright © 2024 Science and Technology Facilities Council.
Hinode theme for Hugo licensed under Creative Commons (CC BY-NC-SA 4.0).
JASMIN Help Site
Code copied to clipboard