Overview

This is a memo on building a proxy server for mdx I’s object storage.

Background

The mdx I user guide explains the following.

https://docs.mdx.jp/ja/index.html#オブジェクトストレージ

This is a DataDirect Networks manual describing the API specifications handled by the S3 Data Service (DDN EXAScaler S3 Data Service) provided by mdx. Please review it together with the object storage usage examples in Tips.

https://docs.mdx.jp/ja/_downloads/b5d961f2c152387fa10ed951d5278f47/S3 Data Services 5.2.7 API Reference Guide.pdf

I loaded this into Google NotebookLM and checked the CORS implementation status. The following is the answer.

Answer

Since the documentation clearly states that the Bucket CORS Feature is not implemented, when JavaScript running in a web browser makes a request directly to the EXAScaler Access S3 API from a different origin (e.g., JavaScript provided by a website on a different domain than the API endpoint), CORS (Cross-Origin Resource Sharing) issues will occur and requests will typically be blocked.

This is due to the web browser’s Same-Origin Policy security mechanism. Access to resources from different origins is restricted unless explicitly allowed by the server. CORS provides this permission mechanism, but since this feature has not yet been implemented in EXAScaler Access S3, there will be no CORS headers in server responses, and the browser will reject cross-origin requests.

Therefore, a workaround such as using a proxy server may be necessary, where client-side requests are first sent to the proxy server, which then makes requests to the EXAScaler Access S3 API, making the origins appear to match. The proxy server can also add necessary headers to API responses.

However, this is just one common method to work around CORS issues, and there are other methods such as matching origins when exposing APIs on the server side. The important point is that since the EXAScaler Access S3 API itself does not support the CORS mechanism, some countermeasure is needed when making cross-origin requests directly from the client side.

Solution

While my understanding may be incorrect in some areas, based on the above answer, I decided to build a proxy server for mdx I’s object storage.

The repository for the proxy server I built is below.

https://github.com/nakamura196/s3-proxy

For example, you can access files on the specified bucket at the following URL.

https://s3-proxy.vercel.app/public/CETEIcean.css

In contrast, the following is an example of direct access.

https://s3ds.mdx.jp/satoru196/public/CETEIcean.css

For the former, you can confirm response headers like the following, verifying that CORS is configured.

aacccdessxxxcgaooatet---cecnntarrpvve:httegvioeeseee::ecwrrs0-nnrtecc-cttSW:-reeco--u/tellonetn"Vrd--ntny,3ea-citrcpdrnbadrooe25csyc:old:3cep:hl:i-loeh-ntMprE:napgeastxdlu:xrb-pM1lbt8srI:olb/2jeeS:wirc0scsSi-cs2gusao,s5RrdrMi1im03t:ga3Dy:ix:K:zn-1Yb:a1Lmdg:gage2Mxm=7V--0wa1,Gig7M7e4mTN=2us66s/39tA09-I74rh28eg06v"05a09l;2i-di2anbtc2el8u6daeaScudb0D6o2mains;preload

Implementation

I implemented it using Express as follows. Note that aws-sdk needs to be migrated to AWS SDK for JavaScript v3.

iiii}caccc}a}a}mmmfopooo)p)p)ppprnpnnnaser;pci}s};pc;ooo(es.ssscene.of3).orrrpqtutttccdggnr.BK..}.}lntttruserpies(eguept)c)isoiaePBsseoott!secyrhrrracr;soecAcrp(OU3stin(k.tk:oeeeetoetlxoWeepcRCKAn:"kesOemnssscnseeprS.s(oTK=ect/eytbtki(...hs.n.rses'=rEyc:p*Uy)aj:esdsss(ts(lefn.ds=TnIer"RteyeaeeeetPosfrveoe(_edspo,L={ucB,(tttnreaOgsrontx)pNw:srcstU)aHHdrrtR(,om使vep)rAKoear((Cee(oruT`m.nr;oMApecsse4{K=aadros,S{"NvecEWryesyq0E>ddar(e"a(O'seSo:s.n/.0Teet=M5rRcwD)ss=.csecfp)_{rra>e0veosE.(sSep.nia.N((.s0eqr-_c).p3srev(ltsA""B{s)=russEo;er(son.reheMACoa.>e"dNnno{.cvAe/.nEcodgjis;kVVfvcee.Wq'sd,cnyes{st"ei.ensAS:u(et)o,;r!gPsvsW_b"se;=nrc=(Os..SRRssn(uRe=)R.Ae_Eet-te{nel;TeWnEGqrC-rns'nSvNIuioTreippv_.DOennyornor.AAPNsgtprrgnoSCWO,t(reos)d43CSI,1o"iroeu0_E_N)l,n:nc0BSSTr;-s}t0USE,eAdtepi;C_Cs使laarofoKKR:ltnrrrnEEEoacoto'TYTRw.erm)___e-CoM$NIAs"Oofe{"{ADCp)rnsPeM,Co;itEsOxEEngeraRpSsinrgTrSentoe}e_)"Tr:sK,y}s'E=p?)$"dY>"e;{;e,*eBf{"rUarCu;oKl'rEta.T-pm_bpeNulsAcisMkcaEeag}tte`-i)no:;anm/'eo'c;tet-stream')';;

Summary

My understanding may be incorrect in some areas, but I hope you find this helpful.