Skip to main content

Configure Cross-Origin Resource Sharing (CORS)

Contributors netapp-perveilerk netapp-lhalbert

You can configure Cross-Origin Resource Sharing (CORS) for an S3 bucket if you want that bucket and objects in that bucket to be accessible to web applications in other domains.

What you'll need
  • You must be signed in to the Tenant Manager using a supported web browser.

  • You must belong to a user group that has the Manage All Buckets or the Root Access permission. These permissions override the permissions settings in group or bucket policies.

About this task

Cross-Origin Resource Sharing (CORS) is a security mechanism that allows client web applications in one domain to access resources in a different domain. For example, suppose you use an S3 bucket named Images to store graphics. By configuring CORS for the Images bucket, you can allow the images in that bucket to be displayed on the website

  1. Use a text editor to create the XML required to enable CORS.

    This example shows the XML used to enable CORS for an S3 bucket. This XML allows any domain to send GET requests to the bucket, but it only allows the domain to send POST and DELETE requests. All request headers are allowed.


    For more information about the CORS configuration XML, see Amazon Web Services (AWS) Documentation: Amazon Simple Storage Service Developer Guide.

  2. In the Tenant Manager, select STORAGE (S3) > Buckets.

  3. Select the bucket name from the list.

    The bucket details page appears.

  4. Select Bucket access > Cross-Origin Resource Sharing (CORS).

  5. Select the Enable CORS check box.

  6. Paste the CORS configuration XML into the text box, and select Save changes.

    screenshot showing COR Configuration XML
  7. To modify the CORS setting for the bucket, update the CORS configuration XML in the text box or select Clear to start over. Then select Save changes.

  8. To disable CORS for the bucket, unselect the Enable CORS check box, and then select Save changes.