Custom Content Security Policy headers
Introduction
HTTP security headers are an important part of a website's security posture. They protect against different types of attacks including cross-site scripting (XSS), SQL injection, and clickjacking. Object storage is external to Seqera Platform, and read and write access is strictly limited to a selected group of object storage providers. These select providers are explicitly defined in the Content Security Policy (CSP).
Supported object storage providers
Data Explorer can read from, and write to, the following object storage providers by default:
- Amazon S3
- Google Cloud Object Storage
- Azure Blob Storage
- OCI Object Storage
- Cloudflare R2
- LakeFS Cloud
Subdomain support
If your object storage provider and Seqera deployment share the same subdomain (e.g. minio.janedoepharma.com and platform.janedoepharma.com) then communication between Seqera and provider works without additional customization. However, if your object storage provider and subdomain don't match, the CSP headers need to be customized.