Cross-origin Resource Sharing (CORS) allows you to specify which domains can make cross-origin requests to your Object Storage. CORS is beneficial when you need to serve resources from your bucket to web applications hosted on different domains.
Note: CORS is supported for both contract-owned buckets and user-owned buckets. For more information, see Bucket Types.
Cross-Domain Image Serving: Suitable for websites that need to display images stored in S3 buckets across various domains without encountering cross-domain restrictions.
Multi-Domain: Lets complex web applications that operate across multiple domains access and use data stored in S3 buckets seamlessly.
Development and Testing Environment: Lets development and staging versions of your web applications, hosted on different domains, access the same S3 resources. You can configure the CORS headers on the staging servers to allow requests from the development or testing domains, ensuring seamless testing without running into cross-origin restrictions.
You can manage CORS using the DCD, API, and CLI.
1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.
2. From the drop-down list in the Buckets tab, choose either Show user-owned buckets or Show contract-owned buckets depending on the bucket type you want to view.
3. From the Buckets list, choose the bucket for which the CORS rule must be configured and click Bucket settings.
4. Go to the CORS setting under the Access management section and click Add a rule.
5. Enter the following details to configure the CORS rule:
Rule name: Enter a name to identify the rule uniquely.
Allowed origins: Enter the complete domain of the client you want to access your bucket's content from and click Add. The domain should start with a protocol identifier, such as HTTP, and end with a hostname; for example, https://*.example.com. You can add one or more origins.
Allowed headers (Optional): Specify the non-default headers that your Object Storage bucket must accept from your client and click Add. CORS automatically accepts default headers such as Content-Length and Content-Type.
Allowed methods: Select the API method checkbox to allow interaction with your S3 bucket. You can enable or restrict the following API methods:
GET: Fetch the CORS configuration of the bucket.
POST: Create a new bucket.
PUT: Update the bucket's property or content.
HEAD: Retrieve the bucket's metadata.
DELETE: Delete a bucket.
Expose headers (Optional): Specify the headers in the response that you want users to be able to access from their applications and click Add.
Max age (Optional): Specify the time in seconds for how long a request’s verification is cached. The Object Storage bucket can accept more requests from the same origin while the verification is cached.
6. Click Add a rule.
Result: The CORS rule is successfully added.
Info: Using the same CORS bucket settings, you can turn on, off, modify, and delete an existing rule. It takes up to a few minutes for the deletion of a CORS rule to propagate fully.
Use the API to manage the CORS rules.
Use the CLI to manage CORS configuration.
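How a rule built from the fields above decides a browser preflight, shown as an added example that is not IONOS code. It assumes the S3 CORS JSON field names (AllowedOrigins, AllowedMethods, AllowedHeaders, ExposeHeaders, MaxAgeSeconds) and S3-style matching in which a single * stands for any run of characters; the rule, origins and function names are constructed for illustration.

```python
# Added example. RULES is a constructed rule set using the S3 CORS JSON field names.
RULES = [{
    "ID": "web-assets",                         # Rule name
    "AllowedOrigins": ["https://*.example.com"],
    "AllowedMethods": ["GET", "HEAD"],
    "AllowedHeaders": ["x-amz-*"],
    "ExposeHeaders": ["ETag"],
    "MaxAgeSeconds": 3600,
}]
DEFAULT_HEADERS = {"content-length", "content-type"}  # defaults the page names

def wildcard_match(pattern, value):
    """Match a pattern holding at most one '*' (any run of characters)."""
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))

def header_allowed(rule, name):
    patterns = [p.lower() for p in rule.get("AllowedHeaders", [])]
    name = name.lower()
    return name in DEFAULT_HEADERS or any(wildcard_match(p, name) for p in patterns)

def evaluate_preflight(rules, origin, method, request_headers=()):
    """Return the CORS response headers of the first matching rule, else None."""
    for rule in rules:
        if not any(wildcard_match(p, origin) for p in rule["AllowedOrigins"]):
            continue  # scheme and host must both fit the pattern
        if method not in rule["AllowedMethods"]:
            continue
        if not all(header_allowed(rule, h) for h in request_headers):
            continue
        response = {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
        }
        if request_headers:
            response["Access-Control-Allow-Headers"] = ", ".join(request_headers)
        if rule.get("ExposeHeaders"):
            response["Access-Control-Expose-Headers"] = ", ".join(rule["ExposeHeaders"])
        if "MaxAgeSeconds" in rule:
            response["Access-Control-Max-Age"] = str(rule["MaxAgeSeconds"])
        return response
    return None  # no rule matched, so the browser blocks the request

if __name__ == "__main__":
    for o in ("https://app.example.com", "https://example.com", "http://app.example.com"):
        print(o, "->", evaluate_preflight(RULES, o, "GET", ["x-amz-date"]))
```

In this model the wildcard origin covers every HTTPS subdomain of example.com but not the bare domain or the HTTP scheme, so each of those needs its own Allowed origins entry if it must reach the bucket.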