CORS Configuration Reference

A CORS configuration is a JSON file in which you define the rules that identify the origins and HTTP methods that can be executed on a bucket.

With a CORS configuration, you can enable cross-origin ressource sharing (CORS) on a bucket to allow the bucket to serve cross-origin requests.

This page describes the elements you can specify in a CORS configuration file. Once you have written the file, you need to apply it to your bucket. For more information, see Applying a CORS Configuration to a Bucket.

You can define up to 100 rules in a CORS configuration.

To create a CORS configuration, you need to create a JSON file following this structure:

Configuration structure
  "CORSRules": [
      "AllowedHeaders": ["xxx","yyy"],
      "AllowedMethods": ["PUT", "POST", "DELETE"],
      "AllowedOrigins": ["", "https://www.foobar.example"],
      "ExposeHeader": ["Content-Type"],
      "MaxAgeSeconds": 3000
      "AllowedHeaders": ["Authorization"],
      "AllowedMethods": ["GET"],
      "AllowedOrigins": ["https://yourdomain.tld", ""],
      "MaxAgeSeconds": 3000

This file contains the following attributes:

Attribute Required Description



The headers specified in the Access-Control-Request-Headers header. These headers are allowed in preflight OPTIONS requests. In response to preflight OPTIONS requests, allowed requested headers are returned.



One or more HTTP methods (GET | PUT | HEAD | POST | DELETE) that you allow the origin to execute.



One or more origins you want to be able to access the bucket from.



One or more headers in the response that you want to make accessible.



The duration in seconds that the preflight response for the specified source can be cached.

Related Pages