search
Log in

CORS

Cross Origin Resource Sharing Configuration

hashtag
GetBucketCors

get
/{Bucket}?cors

Returns the cors configuration information set for the bucket. To use this operation, you must have permission to perform the GetBucketCORS operation. By default, the bucket owner has this permission and can grant it to others.

S3 API Compatibility - The x-amz-expected-bucket-owner header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
corsboolean · enumRequiredPossible values:
Responses
chevron-right
200

Success

application/xml
get
/{Bucket}?cors
200

Success

hashtag
PutBucketCors

put
/{Bucket}?cors

Sets the `CORS` configuration for your bucket. If the configuration exists, it will be overwritten and replaced.

To use this operation, you must be allowed to perform the `PutBucketCORS` operation. By default, the bucket owner has this permission and can grant it to others.

You set this configuration on a bucket so that the bucket can service cross-origin requests. For example, you might want to enable a request whose origin is `http://www.example.com` to access your IONOS Object Storage bucket at `my.example.bucket.com` by using the browser's `XMLHttpRequest` capability.

To enable cross-origin resource sharing (CORS) on a bucket, you add the `cors` subresource to the bucket. The `cors` subresource is an XML document in which you configure rules that identify origins and the HTTP methods that can be executed on your bucket. The document is limited to 64 KB in size.

When IONOS Object Storage receives a cross-origin request (or a pre-flight OPTIONS request) against a bucket, it evaluates the `cors` configuration on the bucket and uses the first `CORSRule` rule that matches the incoming browser request to enable a cross-origin request. For a rule to match, the following conditions must be met:

  • The request's `Origin` header must match `AllowedOrigin` elements.

  • The request method (for example, GET, PUT, HEAD, and so on) or the `Access-Control-Request-Method` header in case of a pre-flight `OPTIONS` request must be one of the `AllowedMethod` elements.

  • Every header specified in the `Access-Control-Request-Headers` request header of a pre-flight request must match an `AllowedHeader` element.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
corsboolean · enumRequiredPossible values:
Header parameters
Content-MD5stringOptional

The base64 encoded MD5 digest of the message (without the headers) according to RFC 1864.

Body
Responses
chevron-right
200

Success

put
/{Bucket}?cors
200

Success

No content

hashtag
DeleteBucketCors

delete
/{Bucket}?cors

Deletes the CORS configuration information set for the bucket.

To use this operation, you must have permission to perform the PutBucketCORS operation. The bucket owner has this permission by default and can grant this permission to others.

S3 API Compatibility - The x-amz-expected-bucket-owner header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
corsboolean · enumRequiredPossible values:
Responses
delete
/{Bucket}?cors
204

Success

No content
PreviousObjectsNextEncryption

Last updated

Was this helpful?