Configuring Cross-Origin Resource Sharing (CORS)

You can configure Cross-Origin Resource Sharing (CORS) for an S3 bucket if you want that bucket and objects in that bucket to be accessible to web applications in other domains.

Before you begin

About this task

Cross-origin resource sharing (CORS) is a security mechanism that allows client web applications in one domain to access resources in a different domain. For example, suppose you use an S3 bucket named Images to store graphics. By configuring CORS for the Images bucket, you can allow the images in that bucket to be displayed on the website http://www.example.com.

Steps

  1. Use a text editor to create the XML required to enable CORS.
    Example

    This example shows the XML used to enable CORS for an S3 bucket. This XML allows any domain to send GET requests to the bucket, but it only allows the http://www.example.com domain to send POST and DELETE requests. All request headers are allowed.

    <CORSConfiguration
        xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <CORSRule>
            <AllowedOrigin>*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <AllowedHeader>*</AllowedHeader>
        </CORSRule>
        <CORSRule>
            <AllowedOrigin>http://www.example.com</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <AllowedMethod>POST</AllowedMethod>
            <AllowedMethod>DELETE</AllowedMethod>
            <AllowedHeader>*</AllowedHeader>
        </CORSRule>   
    </CORSConfiguration>
    See Amazon Web Services (AWS) Documentation: Amazon Simple Storage Service Developer Guide for more information about the CORS configuration XML.
  2. In the Tenant Manager, go to S3 > Buckets.
  3. Select the bucket from the list, and click Configure CORS.
  4. Paste the CORS configuration XML into the text box, and click Save.
    Example

    screenshot showing COR Configuration XML
  5. To modify the CORS setting for the bucket, update the CORS configuration XML in the text box, and click Save.
  6. To disable CORS for the bucket, delete the CORS configuration XML from the text box, and click Save.