DNAnexus Documentation
APIDownloadsIndex of dx CommandsLegal
  • Overview
  • Getting Started
    • DNAnexus Essentials
    • Key Concepts
      • Projects
      • Organizations
      • Apps and Workflows
    • User Interface Quickstart
    • Command Line Quickstart
    • Developer Quickstart
    • Developer Tutorials
      • Bash
        • Bash Helpers
        • Distributed by Chr (sh)
        • Distributed by Region (sh)
        • SAMtools count
        • TensorBoard Example Web App
        • Git Dependency
        • Mkfifo and dx cat
        • Parallel by Region (sh)
        • Parallel xargs by Chr
        • Precompiled Binary
        • R Shiny Example Web App
      • Python
        • Dash Example Web App
        • Distributed by Region (py)
        • Parallel by Chr (py)
        • Parallel by Region (py)
        • Pysam
      • Web App(let) Tutorials
        • Dash Example Web App
        • TensorBoard Example Web App
      • Concurrent Computing Tutorials
        • Distributed
          • Distributed by Region (sh)
          • Distributed by Chr (sh)
          • Distributed by Region (py)
        • Parallel
          • Parallel by Chr (py)
          • Parallel by Region (py)
          • Parallel by Region (sh)
          • Parallel xargs by Chr
  • User
    • Login and Logout
    • Projects
      • Project Navigation
      • Path Resolution
    • Running Apps and Workflows
      • Running Apps and Applets
      • Running Workflows
      • Running Nextflow Pipelines
      • Running Batch Jobs
      • Monitoring Executions
      • Job Notifications
      • Job Lifecycle
      • Executions and Time Limits
      • Executions and Cost and Spending Limits
      • Smart Reuse (Job Reuse)
      • Apps and Workflows Glossary
      • Tools List
    • Cohort Browser
      • Chart Types
        • Row Chart
        • Histogram
        • Box Plot
        • List View
        • Grouped Box Plot
        • Stacked Row Chart
        • Scatter Plot
        • Kaplan-Meier Survival Curve
      • Locus Details Page
    • Using DXJupyterLab
      • DXJupyterLab Quickstart
      • Running DXJupyterLab
        • FreeSurfer in DXJupyterLab
      • Spark Cluster-Enabled DXJupyterLab
        • Exploring and Querying Datasets
      • Stata in DXJupyterLab
      • Running Older Versions of DXJupyterLab
      • DXJupyterLab Reference
    • Using Spark
      • Apollo Apps
      • Connect to Thrift
      • Example Applications
        • CSV Loader
        • SQL Runner
        • VCF Loader
      • VCF Preprocessing
    • Environment Variables
    • Objects
      • Describing Data Objects
      • Searching Data Objects
      • Visualizing Data
      • Filtering Objects and Jobs
      • Archiving Files
      • Relational Database Clusters
      • Symlinks
      • Uploading and Downloading Files
        • Small File Sets
          • dx upload
          • dx download
        • Batch
          • Upload Agent
          • Download Agent
    • Platform IDs
    • Organization Member Guide
    • Index of dx commands
  • Developer
    • Developing Portable Pipelines
      • dxCompiler
    • Cloud Workstation
    • Apps
      • Introduction to Building Apps
      • App Build Process
      • Advanced Applet Tutorial
      • Bash Apps
      • Python Apps
      • Spark Apps
        • Table Exporter
        • DX Spark Submit Utility
      • HTTPS Apps
        • Isolated Browsing for HTTPS Apps
      • Transitioning from Applets to Apps
      • Third Party and Community Apps
        • Community App Guidelines
        • Third Party App Style Guide
        • Third Party App Publishing Checklist
      • App Metadata
      • App Permissions
      • App Execution Environment
        • Connecting to Jobs
      • Dependency Management
        • Asset Build Process
        • Docker Images
        • Python package installation in Ubuntu 24.04 AEE
      • Job Identity Tokens for Access to Clouds and Third-Party Services
      • Enabling Web Application Users to Log In with DNAnexus Credentials
      • Types of Errors
    • Workflows
      • Importing Workflows
      • Introduction to Building Workflows
      • Building and Running Workflows
      • Workflow Build Process
      • Versioning and Publishing Global Workflows
      • Workflow Metadata
    • Ingesting Data
      • Molecular Expression Assay Loader
        • Common Errors
        • Example Usage
        • Example Input
      • Data Model Loader
        • Data Ingestion Key Steps
        • Ingestion Data Types
        • Data Files Used by the Data Model Loader
        • Troubleshooting
      • Dataset Extender
        • Using Dataset Extender
    • Dataset Management
      • Rebase Cohorts and Dashboards
      • Assay Dataset Merger
      • Clinical Dataset Merger
    • Apollo Datasets
      • Dataset Versions
      • Cohorts
    • Creating Custom Viewers
    • Client Libraries
      • Support for Python 3
    • Walkthroughs
      • Creating a Mixed Phenotypic Assay Dataset
      • Guide for Ingesting a Simple Four Table Dataset
    • DNAnexus API
      • Entity IDs
      • Protocols
      • Authentication
      • Regions
      • Nonces
      • Users
      • Organizations
      • OIDC Clients
      • Data Containers
        • Folders and Deletion
        • Cloning
        • Project API Methods
        • Project Permissions and Sharing
      • Data Object Lifecycle
        • Types
        • Object Details
        • Visibility
      • Data Object Metadata
        • Name
        • Properties
        • Tags
      • Data Object Classes
        • Records
        • Files
        • Databases
        • Drives
        • DBClusters
      • Running Analyses
        • I/O and Run Specifications
        • Instance Types
        • Job Input and Output
        • Applets and Entry Points
        • Apps
        • Workflows and Analyses
        • Global Workflows
        • Containers for Execution
      • Search
      • System Methods
      • Directory of API Methods
      • DNAnexus Service Limits
  • Administrator
    • Billing
    • Org Management
    • Single Sign-On
    • Audit Trail
    • Integrating with External Services
    • Portal Setup
    • GxP
      • Controlled Tool Access (allowed executables)
  • Science Corner
    • Scientific Guides
      • Somatic Small Variant and CNV Discovery Workflow Walkthrough
      • SAIGE GWAS Walkthrough
      • LocusZoom DNAnexus App
      • Human Reference Genomes
    • Using Hail to Analyze Genomic Data
    • Open-Source Tools by DNAnexus Scientists
    • Using IGV Locally with DNAnexus
  • Downloads
  • FAQs
    • EOL Documentation
      • Python 3 Support and Python 2 End of Life (EOL)
    • Automating Analysis Workflow
    • Backups of Customer Data
    • Developing Apps and Applets
    • Importing Data
    • Platform Uptime
    • Legal and Compliance
    • Sharing and Collaboration
    • Product Version Numbering
  • Release Notes
  • Technical Support
  • Legal
Powered by GitBook

Copyright 2025 DNAnexus

On this page
  • What is Isolated Browsing?
  • Enable Isolated Browsing
  • How Isolated Browsing Works
  • Data Transfer Restrictions Enforced by Isolated Browsing
  • Restrictions on data transfers between the job and your computer
  • Restrictions on copy and paste operations
  • Key Bindings
  • Key binding tips

Was this helpful?

Export as PDF
  1. Developer
  2. Apps
  3. HTTPS Apps

Isolated Browsing for HTTPS Apps

Restrict data transfer between HTTPS apps and the user's local computer.

Last updated 3 days ago

Was this helpful?

What is Isolated Browsing?

Isolated Browsing is a project-level security feature that restricts data transfer between and the user's local computer. It prevents direct communication between the httpsApp Web Application and the user's local web browser.

Isolated Browsing applies to all httpsApp-enabled jobs in the project, such as jobs running , , , or any other httpsApp-enabled app or applet.

Isolated Browsing is a limited-access feature requiring a separate license. for more information.

Enable Isolated Browsing

To enable Isolated Browsing in a project you have ADMIN access to:

  1. Ensure the project's billTo has the httpsAppIsolatedBrowsingControl license.

  2. Set the project's httpsAppIsolatedBrowsing flag to true.

You can set the project's data access control flags using the DNAnexus CLI.

# As a project admin, set a project's 'httpsAppIsolatedBrowsing' flag to 'true' 
dx api project-xxxx update '{"httpsAppIsolatedBrowsing":true}'

You can also use the CLI to check whether the httpsAppIsolatedBrowsing flag is set.

# Show a project's 'httpsAppIsolatedBrowsing' flag
dx describe project-xxxx
# Show a job's 'httpsApps.isolatedBrowsing' flag
dx describe job-xxxx

How Isolated Browsing Works

Isolated Browsing adds an extra layer to interacting with HTTPS apps. It restricts data transfers between your computer and all httpsApp Web Applications exposed by a job.

Instead of your local web browser directly interacting with the httpsApp Web Application, a separate remote browser handles this communication. Your local browser receives visual updates (screen encodings) from the remote browser, and your actions (keyboard and mouse input) are sent to the remote browser, which then forwards them to the application.

The remote browser starts in full screen mode, focusing user's attention on the job's httpsApp Web Application, such as JupyterLab interface. This hides the remote browser's navigation elements from view.

You can exit the remote browser's full screen mode by hovering your mouse pointer near the top of the window and selecting the floating "X" that appears.

When you exit the full screen mode, you can see the tabs currently opened in the remote browser. You can also open another remote browser tab to visit another httpsApp application on a different httpsApp port.

For example, to see DXJupyterLab's Spark UI interface, visit http://job:8081/ in the remote browser's navigation bar after executing Spark code.

To re-enter the full screen mode, click the vertical three-dot menu in the remote browser's top right corner, and then in the Zoom menu item, click the rectangle-corners icon. You can also use the Zoom controls to enlarge or reduce the size of your app.

If you close the remote browser window, the remote browser will be automatically restarted.

To minimize the risk of unauthorized data transfers, the remote browser is configured to disallow accessing sites other than the httpsApp Web Applications, opening and saving of remote desktop files, installation of Chrome extensions, and accessing the remote browser's DevTools.

Data Transfer Restrictions Enforced by Isolated Browsing

Restrictions on data transfers between the job and your computer

Data transfers over the httpsApp interface between your local computer and the job via APIs exposed by an httpsApp Web Application are disabled.

For example, with Isolated Browsing, you cannot perform the following actions via httpApp interface against a job running DXJupyterLab:

  • Download a file to your local computer from the job, or save a Jupyter notebook to your local computer.

  • Upload a file from your local computer to the job.

  • Invoke JupyterLab API requests using cURL against an httpsApp endpoint of the job.

  • Observe JSON and text information transferred between your local computer and the DXJupyterLab web application in the developer console of your local web browser.

Restrictions on copy and paste operations

Copy and paste of information between your browser and the job is disabled. However, copying and pasting within the isolated job is permitted.

For example, with Isolated Browsing, you cannot perform the following copy and paste actions:

  • Copying text from a window on your local computer, then pasting the copied text into httpsApp Web Application.

  • Copying text from an httpsApp Web Application, then pasting the copied text into a window on your local computer.

Isolated Browsing doesn't prevent you from taking screenshots or photographs of the httpsApp Web Application interface.

Key Bindings

Because the remote browser runs in a Linux environment, httpsApp Web Applications behave as if interacting with a Linux end user and accept Linux key bindings.

Windows users should see minimal differences. On macOS, most key bindings can be converted to the Linux ones by using the control key (^) instead of the command key (⌘).

For example, with macOS, this means you need to use Control + C instead of Command + C when copying selected text in the remote browser.

Key binding tips

  • If you have difficulties entering the hashtag symbol # for comments in a notebook cell, use Control + / instead. On macOS with a British keyboard, use right-option 3 (the ⌥ key to the right of the spacebar, followed by 3).

  • To navigate quickly within a DXJupyterLab cell in edit mode on macOS, use the Fn + Left-arrow, Fn + Right-arrow, Fn + Up-arrow, or Fn + Down-arrow key combinations.

  • To zoom in or out, use Control + + or Control + - key combinations.

To run apps and applets in projects with Isolated Browsing enabled, the httpsApp-enabled executables must have set to NONE.

HTTPS apps
DXJupyterLab
ttyd
LocusZoom
Contact DNAnexus Sales
data access control
httpsApp.shared_access
The concept behind Isolated Browsing
Exit the remote browser's full screen mode by clicking the Exit button in the top middle.
Exiting remote browser's full screen mode reveals remote browser tabs and navigation bar
Access to Spark UI after executing spark code via http://job:8081/ in the remote browser's navigation bar
Re-entering the full screen mode in the remote browser.