# CORS
Cross-origin Resource Sharing (CORS) allows you to specify which domains can make cross-origin requests to your Object Storage. CORS is beneficial when you need to serve resources from your bucket to web applications hosted on different domains.
{% hint style="info" %}
**Note:** CORS is supported for both contract-owned buckets and user-owned buckets. For more information, see [Bucket Types](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/concepts/bucket-types).
{% endhint %}
## Use cases
* **Cross-Domain Image Serving:** Suitable for websites that need to display images stored in the Object Storage buckets on the various domains without encountering cross-domain restrictions.
* **Multi-Domain:** Supports complex web applications that operate across multiple domains to access and use data stored in the buckets seamlessly.
* **Development and Testing Environment:** Facilitates the access of development and staging versions of your web applications hosted on different domains to the same Object Storage resources. You can configure the CORS headers on the staging servers to allow requests from the development or testing domains, ensuring seamless testing without running into cross-origin restrictions.
## Manage CORS
You can manage CORS using the DCD, API, and CLI.
### DCD
1\. In the **DCD**, go to **Menu** > **Storage & Backup** > **IONOS Object Storage**.
2\. From the drop-down list in the **Buckets** tab, choose either **Show user-owned buckets** or **Show contract-owned buckets** depending on the bucket type you want to view.
3\. From the **Buckets** list, choose the bucket for which the CORS rule must be configured and click **Bucket settings**.
4\. Go to the **CORS** setting under the **Access management** section and click **Add a rule**.
4\. Enter the following details to configure the CORS rule:
* **Rule name:** Enter a name to identify the rule uniquely.
* **Allowed origins:** Enter the complete domain of the client you want to access your bucket's content from and click **Add**. The domain should start with a protocol identifier, such as HTTP, and end with a hostname; for example, `https://*.example.com`. You can add one or more origins.
* **Allowed headers (Optional):** Specify the non-default headers that your Object Storage bucket must accept from your client and click **Add**. The CORS automatically takes default headers such as `Content-Length` and `Content-Type`.
* **Allowed methods:** Select the API method checkbox to allow interaction with your Object Storage bucket. You can enable or restrict the following API methods:
* `GET`: Fetch the CORS configuration of the bucket.
* `POST`: Create a new bucket.
* `PUT`: Update the bucket's property or content.
* `HEAD`: Retrieve the bucket's metadata.
* `DELETE`: Delete a bucket.
* **Expose headers (Optional):** Specify the headers in the response that you want users to be able to access from their applications and click **Add**.
* **Max age (Optional):** Specify the time in seconds for how long a request’s verification is cached. The Object Storage bucket can accept more requests from the same origin while the verification is cached.
5\. Click **Add a rule**.
{% hint style="success" %}
**Result:** The CORS rule is successfully added.
{% endhint %}
{% hint style="info" %}
**Info:** Using the same CORS bucket settings, you can turn on, off, modify, and delete an existing rule. It takes up to a few minutes for the deletion of a CORS rule to propagate fully.
{% endhint %}
### API
Use the [API](https://api.ionos.com/docs/s3/v2/#tag/CORS) to manage the CORS rules.
### CLI
Use the [CLI](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage/s3-tools/awscli/awscli-cors) to manage CORS configuration.