CORS

Last update: April 16 2025

CORS

When a container is accessed, the user's browser declares the domain, request method, and headers in the request. Using cross-domain request technology (CORS), you can restrict access to objects in the container based on the values of these parameters.

To use CORS, the technology must be supported by both the repository and the user's browser; by default, CORS support is included in modern browsers.

For CORS to work, there must be Virtual-Hosted addressing is enabled.

You can set up the CORS configuration in the control panel or download the XML configuration file via S3 API.

CORS Parameters⁠

Caption	Description	Mandatory
AllowedOrigins	List of domains from which requests to the container are allowed	✓
AllowedHeaders	Headers available for use in a JavaScript application in the browser	✗
ExposeHeaders	Headers allowed in a request to an object	✗
AllowedMethods	HTTP methods allowed for use in requests. Available methods: GET, PUT, HEAD, POST, DELETE	✓
MaxAgeSeconds	Time for which Preflight request results can be cached (in seconds). If no header is specified, the default value of 3600 applies	✗

Set up the CORS configuration⁠

You can add up to 100 CORS rules.

1. in control panels from the top menu, press Products and select Object Storage.
2. Go to the section Containers.
3. Open the container page → tab CORS.
4. Click Create a rule.
5. Set it up CORS rule parameters.
6. Optional: to add another rule, press Add rule.
7. Click Create.