
CORS

When a browser accesses a container, it declares the domain (origin), request method, and headers in the request. With Cross-Origin Resource Sharing (CORS), you can restrict access to objects in the container based on the values of these parameters.

CORS must be supported by both the object storage and the user's browser; modern browsers support CORS by default.

Virtual-Hosted addressing must be enabled for CORS to work.

You can customize the CORS configuration in the control panel or upload an XML configuration file via the S3 API.

CORS Parameters

| Parameter | Description | Mandatory |
| --- | --- | --- |
| AllowedOrigins | List of domains from which requests to the container are allowed | |
| AllowedHeaders | Headers available for use in a JavaScript application in the browser | |
| ExposeHeaders | Headers allowed in a request to an object | |
| AllowedMethods | HTTP methods allowed for use in requests. Available methods: GET, PUT, HEAD, POST, DELETE | |
| MaxAgeSeconds | Time for which preflight request results can be cached (in seconds). If no header is specified, the default value of 3600 applies | |

Set up the CORS configuration

You can add up to 100 CORS rules.

  1. In the Control Panel, on the top menu, click Products and select Object Storage.
  2. Go to the Containers section.
  3. Open the container page → CORS tab.
  4. Click Create Rule.
  5. Configure the parameters of the CORS rule.
  6. Optional: To add another rule, click Add Rule.
  7. Click Create.
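
A pre-upload check for the XML configuration file mentioned above, as an added example that is not part of the original page or the provider's tooling: it flags rules that break the limits stated here (100 rules, the five listed methods) and settings worth a second look, such as a wildcard origin paired with write methods. The element names follow the standard S3 CORSConfiguration schema (an assumption, since the page does not show the file), and `lint_cors`, `local` and the sample origins are hypothetical.

```python
import xml.etree.ElementTree as ET

ALLOWED_METHODS = {"GET", "PUT", "HEAD", "POST", "DELETE"}  # methods listed on this page
WRITE_METHODS = {"PUT", "POST", "DELETE"}
MAX_RULES = 100         # rule limit stated on this page
DEFAULT_MAX_AGE = 3600  # default stated on this page

# Constructed sample. Element names follow the standard S3 CORSConfiguration
# schema (an assumption, the page does not show the file); origins are placeholders.
SAMPLE_XML = """<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>https://app.example.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>Authorization</AllowedHeader>
    <ExposeHeader>ETag</ExposeHeader>
    <MaxAgeSeconds>600</MaxAgeSeconds>
  </CORSRule>
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>PATCH</AllowedMethod>
  </CORSRule>
</CORSConfiguration>"""

def local(tag):
    """Strip an XML namespace prefix such as '{http://...}CORSRule'."""
    return tag.split("}")[-1]

def lint_cors(xml_text):
    """Return (rule_number, message) findings; rule_number 0 means the whole file."""
    rules = [el for el in ET.fromstring(xml_text) if local(el.tag) == "CORSRule"]
    findings = []
    if len(rules) > MAX_RULES:
        findings.append((0, f"{len(rules)} rules exceed the limit of {MAX_RULES}"))
    for n, rule in enumerate(rules, start=1):
        vals = {}
        for child in rule:
            vals.setdefault(local(child.tag), []).append((child.text or "").strip())
        methods = {m.upper() for m in vals.get("AllowedMethod", [])}
        if methods - ALLOWED_METHODS:
            findings.append((n, "unsupported method(s): " + ", ".join(sorted(methods - ALLOWED_METHODS))))
        if "*" in vals.get("AllowedOrigin", []) and methods & WRITE_METHODS:
            findings.append((n, "wildcard origin allows write method(s): " + ", ".join(sorted(methods & WRITE_METHODS))))
        if "MaxAgeSeconds" not in vals:
            findings.append((n, f"MaxAgeSeconds not set, default {DEFAULT_MAX_AGE} applies"))
    return findings
```

Calling `lint_cors(SAMPLE_XML)` returns three findings, all for the second rule; the first rule passes cleanly.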