To enable cross-origin resource sharing (CORS) for your AI Object Storage bucket, you need to set an XML CORS configuration usingDocumentation Index
Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
Use this file to discover all available pages before exploring further.
s3:PutBucketCORS. This configuration defines which origins, HTTP methods, and headers are permitted. For more information about CORS, see CORS for Web Browser Access.
Prerequisites
- Have the
Object Storage AdminIAM role (assigned through CoreWeave IAM Access Policies), or equivalent permissions to configure AI Object Storage access policies. - Ensure that your AI Object Storage organization and/or bucket access policies grant your principal the
s3:PutBucketCORSaction (ors3:*) on the target bucket. - Have the
aws s3apiCLI tool installed and configured for your AI Object Storage environment.
All origins GET request
This policy allows cross-origin resource sharing (CORS) for a specific bucket. It has one statement that allows all origins to performGET requests on the bucket:
All Origins GET Requests
*) to perform GET requests on the bucket. You can customize the AllowedOrigin, AllowedMethod, and AllowedHeader elements to suit your needs.
You can set this CORS configuration using the aws s3api command:
Replace [BUCKET-NAME] with the name of your bucket.
cors.xml contains the CORS configuration in XML format, like the example above.
Specific origin with multiple methods
The following example restricts CORS to a specific origin and allows multiple HTTP methods, as well as specific headers. This configuration also sets aMaxAgeSeconds value to cache the preflight response for 30 minutes and exposes a custom header x-amz-request-id to the client.
Restrict to a Specific Origin and Multiple Methods