CORS Configuration Reference
A CORS configuration is a JSON file in which you define the rules that identify the origins and HTTP methods that can be executed on a bucket.
With a CORS configuration, you can enable cross-origin resource sharing (CORS) on a bucket to allow the bucket to serve cross-origin requests.
This page describes the elements you can specify in a CORS configuration file. Once you have written the file, you need to apply it to your bucket. For more information, see Applying a CORS Configuration to a Bucket.
|
You can define up to 100 rules in a CORS configuration. |
To create a CORS configuration, you need to create a JSON file following this structure:
{
"CORSRules": [
{
"AllowedHeaders": ["xxx","yyy"],
"AllowedMethods": ["PUT", "POST", "DELETE"],
"AllowedOrigins": ["https://www.example.com", "https://www.foobar.example"],
"ExposeHeaders": ["Content-Type"],
"MaxAgeSeconds": 3000
},
{
"AllowedHeaders": ["Authorization"],
"AllowedMethods": ["GET"],
"AllowedOrigins": ["https://yourdomain.tld", "https://www.your_domain.com"],
"MaxAgeSeconds": 3000
}
]
}This file contains the following attributes:
Attribute |
Required |
Description |
||
|
Yes |
One or more rules in the lifecycle configuration.
|
||
|
Yes |
The headers specified in the Access-Control-Request-Headers header. These headers are allowed in preflight OPTIONS requests. In response to preflight OPTIONS requests, allowed requested headers are returned. |
||
|
Yes |
One or more HTTP methods ( |
||
|
Yes |
One or more origins you want to be able to access the bucket from. |
||
|
No |
One or more headers in the response that you want to make accessible. |
||
|
Yes |
The duration in seconds that the preflight response for the specified source can be cached. |
Related Pages