# Enabling CORS For Storage Endpoints
When uploading or downloading files in the workspace portal, data is transfered from the users browser directly to their configured storage endpoint using signed URLs. In order for the buckets or storage accounts to accept requests from the browser application, the hostname of the workspace portal must be allowed in the CORS configuration of the bucket or storage account.
# Configure CORS for Azure Blob Storage
In order to use the workspace portal with a Azure Blob Storage container, CORS must be enabled from your application server for the storage accounts being used.
- In the Azure Portal, select the storage account.
- In the sidebar, click on Resource sharing (CORS).
- Select the Blob service tab.
- For Allowed origins, enter only the protocol and hostname part of your workspace portal URL. For example, if your users would enter
https://files.mycompany.com/workspace/
in their browser to open the portal, enterhttps://files.mycompany.com
here. If you are using a non-standard port, you will need to also include the port number. - For Allowed methods, select all options.
- For Allowed headers, enter content-type,x-ms-*
- Press Save.
# Configure CORS for Amazon S3
In order to use the workspace portal with a Amazon S3 bucket, CORS must be enabled from your application server for the S3 buckets being used.
- In the S3 console, select the bucket.
- Select the Permissions tab.
- Scroll down to the Cross-origin resource sharing (CORS) section.
- Click Edit.
- In the text area, paste the following JSON document. For AllowedOrigins, enter only the protocol and hostname part of your workspace portal URL. For example, if your users would enter
https://files.mycompany.com/workspace/
in their browser to open the portal, enterhttps://files.mycompany.com
here. If you are using a non-standard port, you will need to also include the port number.
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"https://<WORKSPACE_HOSTNAME>"
],
"ExposeHeaders": [
"Etag"
]
}
]
- Click Save changes.
# Configure CORS for Google Cloud Storage
In order to use the workspace portal with a Google Cloud Storage bucket, CORS must be enabled from your application server for the GCS buckets being used.
- Open a text editor on workstation, and create the following text file, adding the hostname of your workspace URL as it would appear in the users browser. For origin, enter only the protocol and hostname part of your workspace portal URL. For example, if your users would enter
https://files.mycompany.com/workspace/
in their browser to open the portal, enterhttps://files.mycompany.com
here. If you are using a non-standard port, you will need to also include the port number.
[
{
"maxAgeSeconds": 3600,
"method": ["PUT"],
"origin": [
"https://<WORKSPACE_HOSTNAME>"
],
"responseHeader": ["content-type"]
}
]
Install the gsutil command line utility.
Run the following command:
gsutil cors set <JSON_FILE_NAME>.json gs://<BUCKET_NAME>
See Configure cross-origin resource sharing (CORS) for more information.
Note
If you plan on accessing the workspace portal with an endpoint configuration which is using a VM instance service account, you must also add the Service Account Token Creator
role to the service account.
# Configure CORS for IBM COS
In order to use the workspace portal with a IBM COS bucket, CORS must be enabled from your application server for the COS buckets being used.
- Open a text editor on workstation, and create the following text file, adding the hostname of your workspace URL as it would appear in the users browser.
{
"CORSRules": [
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"https://<WORKSPACE_HOSTNAME>"
],
"ExposeHeaders": []
}
]
}
Install the ibmcloud command line utility.
Run
ibmcloud plugin install cloud-object-storage
to install the COS extension foribmcloud
Run the following command:
cos bucket-cors-put --bucket <BUCKET_NAME> --cors-configuration file://<JSON_FILE_NAME>.json --region <BUCKET_REGION>