Isolated Browsing for HTTPS Apps
Restrict data transfer between HTTPS apps and the user's local computer.
Isolated Browsing is a project-level security feature that restricts data transfer between HTTPS apps and the user's local computer. It prevents direct communication between the httpsApp Web Application and the user's local web browser.
Isolated Browsing applies to all httpsApp-enabled jobs in the project, such as jobs running , , , or any other httpsApp-enabled app or applet.
To enable Isolated Browsing in a project you have ADMIN access to:
Ensure the project's billTo has the httpsAppIsolatedBrowsingControl license.
Set the project's httpsAppIsolatedBrowsing flag to true.
You can set the project's data access control flags using the DNAnexus CLI.
You can also use the CLI to check whether the httpsAppIsolatedBrowsing flag is set.
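The following shell helpers are an added example, not commands taken from the DNAnexus documentation: they set the flag, read it back, and audit a list of projects. They assume that the project update route, called through dx api, accepts the httpsAppIsolatedBrowsing key; project-xxxx IDs are placeholders.

```shell
#!/bin/sh
# Added example: helpers around the DNAnexus CLI (dx) for the
# httpsAppIsolatedBrowsing project flag. Project IDs are placeholders.

# Exit 0 if the flag is true, 1 if it is false or absent,
# 2 if the project could not be described (no access, bad ID).
isolated_browsing_status() {
    desc=$(dx describe "$1" --json 2>/dev/null) || return 2
    printf '%s' "$desc" |
        grep -Eq '"httpsAppIsolatedBrowsing"[[:space:]]*:[[:space:]]*true'
}

# Set the flag, then read it back so an ignored update is caught.
# Assumption: the project update route accepts this key. The caller needs
# ADMIN access, and the billTo needs the license named on this page.
enable_isolated_browsing() {
    dx api "$1" update '{"httpsAppIsolatedBrowsing": true}' >/dev/null || return 2
    isolated_browsing_status "$1"
}

# Print "<project> enabled|disabled|unknown" for each argument.
# Returns non-zero if any project is not confirmed as enabled.
audit_projects() {
    rc=0
    for p in "$@"; do
        if isolated_browsing_status "$p"; then
            echo "$p enabled"
        else
            case $? in
                1) echo "$p disabled" ;;
                *) echo "$p unknown" ;;
            esac
            rc=1
        fi
    done
    return $rc
}

# Usage, after `dx login`:
#   enable_isolated_browsing project-xxxx
#   audit_projects project-xxxx project-yyyy
```

A project reported as unknown is treated as a failure, so a project you cannot describe never passes the audit.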
Isolated Browsing adds an extra layer to interacting with HTTPS apps. It restricts data transfers between your computer and all httpsApp Web Applications exposed by a job.
Instead of your local web browser directly interacting with the httpsApp Web Application, a separate remote browser handles this communication. Your local browser receives visual updates (screen encodings) from the remote browser, and your actions (keyboard and mouse input) are sent to the remote browser, which then forwards them to the application.
The remote browser starts in full screen mode, focusing the user's attention on the job's httpsApp Web Application, such as the JupyterLab interface. This hides the remote browser's navigation elements from view.
You can exit the remote browser's full screen mode by hovering your mouse pointer near the top of the window and selecting the floating "X" that appears.
When you exit the full screen mode, you can see the tabs currently opened in the remote browser. You can also open another remote browser tab to visit another httpsApp application on a different httpsApp port.
For example, to see DXJupyterLab's Spark UI interface, visit http://job:8081/ in the remote browser's navigation bar after executing Spark code.
To re-enter the full screen mode, click the vertical three-dot menu in the remote browser's top right corner, and then in the Zoom menu item, click the rectangle-corners icon. You can also use the Zoom controls to enlarge or reduce the size of your app.
If you close the remote browser window, the remote browser will be automatically restarted.
To minimize the risk of unauthorized data transfers, the remote browser is configured to disallow accessing sites other than the httpsApp Web Applications, opening and saving remote desktop files, installing Chrome extensions, and accessing the remote browser's DevTools.
Data transfers over the httpsApp interface between your local computer and the job via APIs exposed by an httpsApp Web Application are disabled.
For example, with Isolated Browsing, you cannot perform the following actions via the httpsApp interface against a job running DXJupyterLab:
Download a file to your local computer from the job, or save a Jupyter notebook to your local computer.
Upload a file from your local computer to the job.
Invoke JupyterLab API requests using cURL against an httpsApp endpoint of the job.
Observe JSON and text information transferred between your local computer and the DXJupyterLab web application in the developer console of your local web browser.
Copy and paste of information between your browser and the job is disabled. However, copying and pasting within the isolated job is permitted.
For example, with Isolated Browsing, you cannot perform the following copy and paste actions:
Copying text from a window on your local computer, then pasting the copied text into an httpsApp Web Application.
Copying text from an httpsApp Web Application, then pasting the copied text into a window on your local computer.
Isolated Browsing doesn't prevent you from taking screenshots or photographs of the httpsApp Web Application interface.
Because the remote browser runs in a Linux environment, httpsApp Web Applications behave as if interacting with a Linux end user and accept Linux key bindings.
Windows users should see minimal differences. On macOS, most key bindings can be converted to the Linux ones by using the control key (^) instead of the command key (⌘).
For example, with macOS, this means you need to use Control + C instead of Command + C when copying selected text in the remote browser.
If you have difficulties entering the hashtag symbol # for comments in a notebook cell, use Control + / instead. On macOS with a British keyboard, use right-option 3 (the ⌥ key to the right of the spacebar, followed by 3).
To navigate quickly within a DXJupyterLab cell in edit mode on macOS, use the Fn + Left-arrow, Fn + Right-arrow, Fn + Up-arrow, or Fn + Down-arrow key combinations.
To zoom in or out, use the Control + + or Control + - key combinations.
To run apps and applets in projects with Isolated Browsing enabled, the httpsApp-enabled executables must have set to NONE.