CORS

Last update: April 01 2024

CORS

When a container is accessed, the user's browser declares the domain, request method, and headers in the request. Using cross-domain request technology (CORS), you can restrict access to objects in a container based on the values of these parameters.

To use CORS, the technology must be supported by both the repository and the user's browser; by default, CORS support is included in modern browsers.

CORS must have Virtual-Hosted addressing enabled to work.

You can customize the CORS configuration in the control panel or download the XML configuration file via the S3 API.

CORS Parameters⁠

✓

applies.

Title	Description	Mandatory
AllowedOrigins	List of domains from which requests to the container are allowed.	✓
AllowedHeaders	Headers available for use in a JavaScript application in the browser	✗
ExposeHeaders	Headers allowed in an object request	✗
AllowedMethods	HTTP methods allowed for use in requests. Available methods: GET, PUT, HEAD, POST, DELETE
MaxAgeSeconds	Time for which Preflight request results can be cached (in seconds). If no header is specified, the default value of 3600	✗

Set up the CORS configuration⁠

You can add up to 100 CORS rules.

1. In Control Panel, go to Object Storage → Containers.
2. Open the container page → CORS tab.
3. Click Create Rule.
4. Configure CORS rule parameters.
5. Optional: to add another rule, click Add Rule.
6. Press Create.