CORS

Last update: May 27 2025

CORS

When a container is accessed, the user's browser declares the domain, request method, and headers in the request. Using cross-domain request technology (CORS), you can restrict access to objects in the container based on the values of these parameters.

To use CORS, the technology must be supported by both the repository and the user's browser; by default, CORS support is included in modern browsers.

Virtual-Hosted addressing must be enabled for CORS to work.

You can customize the CORS configuration in the control panel or upload an XML configuration file via the S3 API.

CORS Parameters⁠

Caption	Description	Mandatory
AllowedOrigins	List of domains from which requests to the container are allowed	✓
AllowedHeaders	Headers available for use in a JavaScript application in the browser	✗
ExposeHeaders	Headers allowed in a request to an object	✗
AllowedMethods	HTTP methods allowed for use in requests. Available methods: GET, PUT, HEAD, POST, DELETE	✓
MaxAgeSeconds	Time for which Preflight request results can be cached (in seconds). If no header is specified, the default value of 3600 applies	✗

Set up the CORS configuration⁠

You can add up to 100 CORS rules.

1. In the Control Panel, on the top menu, click Products and select Object Storage.
2. Go to the Containers section.
3. Open the container page → CORS tab.
4. Click Create Rule.
5. Configure the parameters of the CORS rule.
6. Optional: To add another rule, click Add Rule.
7. Click Create.