Configure CORS for Web Browser Access
Configure CORS policies to allow web browsers to access your Object Storage buckets from different domains.
To enable cross-origin resource sharing (CORS) for your CAIOS bucket, you need to set an XML CORS configuration using s3:PutBucketCORS. This configuration defines which origins, HTTP methods, and headers are permitted.
All origins GET request
This policy allows cross-origin resource sharing (CORS) for a specific bucket. It has one statement that allows all origins to perform GET requests on the bucket:
<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
  </CORSRule>
</CORSConfiguration>
In this example, the CORS configuration allows any origin (*) to perform GET requests on the bucket. You can customize the AllowedOrigin, AllowedMethod, and AllowedHeader elements to suit your needs.
You can set this CORS configuration using the aws s3api command:
$ aws s3api put-bucket-cors --bucket my-bucket --cors-configuration file://cors.xml
Where cors.xml contains the CORS configuration in XML format, like the example above.
Specific origin with multiple methods
The following example restricts CORS to a specific origin and allows multiple HTTP methods, as well as specific headers. This configuration also sets a MaxAgeSeconds value to cache the preflight response for 30 minutes and exposes a custom header x-amz-request-id to the client.
<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>https://www.example.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedHeader>Authorization</AllowedHeader>
    <AllowedHeader>Content-Type</AllowedHeader>
    <MaxAgeSeconds>1800</MaxAgeSeconds>
    <ExposeHeader>x-amz-request-id</ExposeHeader>
  </CORSRule>
</CORSConfiguration>
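To check what each of the two configurations above actually permits before applying it, the following added example (not part of the original documentation or of CAIOS) evaluates a browser preflight request against a CORS configuration. It assumes S3-style matching: the first rule that matches wins, `*` is the only wildcard, and header names compare case-insensitively. The function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# The two configurations from this page, embedded so the example runs offline.
ALL_ORIGINS_GET = (
    "<CORSConfiguration><CORSRule><AllowedOrigin>*</AllowedOrigin>"
    "<AllowedMethod>GET</AllowedMethod><AllowedHeader>*</AllowedHeader>"
    "<MaxAgeSeconds>3000</MaxAgeSeconds></CORSRule></CORSConfiguration>"
)
SPECIFIC_ORIGIN = (
    "<CORSConfiguration><CORSRule>"
    "<AllowedOrigin>https://www.example.com</AllowedOrigin>"
    "<AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod>"
    "<AllowedHeader>Authorization</AllowedHeader>"
    "<AllowedHeader>Content-Type</AllowedHeader>"
    "<MaxAgeSeconds>1800</MaxAgeSeconds>"
    "<ExposeHeader>x-amz-request-id</ExposeHeader></CORSRule></CORSConfiguration>"
)


def _matches(pattern, value):
    """Literal match in which '*' is the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def _values(rule, tag):
    # "{*}" matches the element with or without an XML namespace (Python 3.8+).
    return [(e.text or "").strip() for e in rule.findall("{*}" + tag)]


def evaluate_preflight(config_xml, origin, method, request_headers=()):
    """Return the preflight response headers from the first matching rule, or None."""
    for rule in ET.fromstring(config_xml).findall("{*}CORSRule"):
        origins = _values(rule, "AllowedOrigin")
        methods = _values(rule, "AllowedMethod")
        allowed = [h.lower() for h in _values(rule, "AllowedHeader")]
        if not any(_matches(p, origin) for p in origins):
            continue  # origin is compared exactly, scheme and port included
        if method not in methods:
            continue
        if not all(any(_matches(p, h.lower()) for p in allowed) for h in request_headers):
            continue  # every Access-Control-Request-Headers entry must be allowed
        return {
            "Access-Control-Allow-Origin": "*" if "*" in origins else origin,
            "Access-Control-Allow-Methods": ", ".join(methods),
            "Access-Control-Max-Age": (_values(rule, "MaxAgeSeconds") or [""])[0],
        }
    return None  # no rule matched: the browser blocks the cross-origin request
```

With the first configuration any origin passes a GET preflight with any request header, while the second refuses other origins, other schemes, methods beyond GET and PUT, and headers beyond Authorization and Content-Type.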