How to Apply CORS Policies to Vultr Object Storage Buckets
Introduction
Vultr Object Storage is compatible with a subset of the S3 API. See our compatibility matrix for details. This article explains how to apply a Cross-Origin Resource Sharing (CORS) policy to a Vultr Object Storage bucket. Linux and Mac users should follow the instruction for S3cmd. Windows users can use S3 Browser. The CORS policies in this article are examples and must be modified to suit your needs.
Use S3cmd on Mac and Linux
S3cmd is available for Mac and Linux from this download page. Learn how to configure s3cmd for Vultr Object Storage.
View CORS Policy
Use the info command to view the CORS policy for a bucket. If no policy exists, the result is CORS: none.
$ s3cmd info s3://example_bucket
s3://example_bucket/ (bucket):
Location: us
Payer: BucketOwner
Expiration Rule: none
Policy: none
CORS: none
ACL: 12345678: FULL_CONTROLAdd a CORS Policy
Create an XML file named
cors_rules.xml.$ nano cors_rules.xmlPaste the following example.
<CORSConfiguration> <CORSRule> <ID>Allow WebFont for example.com</ID> <AllowedOrigin>https://www.example.com</AllowedOrigin> <AllowedOrigin>http://www.example.com</AllowedOrigin> <AllowedOrigin>https://example.com</AllowedOrigin> <AllowedOrigin>http://example.com</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <AllowedMethod>HEAD</AllowedMethod> <AllowedHeader>*</AllowedHeader> <ExposeHeader>ETag</ExposeHeader> <MaxAgeSeconds>86400</MaxAgeSeconds> </CORSRule> </CORSConfiguration>Apply the policy with the
setcorscommand.$ s3cmd setcors cors_rules.xml s3://example_bucketUse the
infocommand to view the updated CORS Policy.$ s3cmd info s3://example_bucket s3://example_bucket/ (bucket): Location: us Payer: BucketOwner Expiration Rule: none Policy: none CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><ID>Allow WebFont for example.com</ID><AllowedMethod>GET</AllowedMethod><AllowedMethod>HEAD</AllowedMethod><AllowedOrigin>http://example.com</AllowedOrigin><AllowedOrigin>http://www.example.com</AllowedOrigin><AllowedOrigin>https://example.com</AllowedOrigin><AllowedOrigin>https://www.example.com</AllowedOrigin><AllowedHeader>*</AllowedHeader><MaxAgeSeconds>86400</MaxAgeSeconds><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration> ACL: 12345678: FULL_CONTROL
Use S3 Browser on Windows
S3 Browser is available for Windows from this download page. Learn how to configure S3 Browser for Vultr Object Storage.
To view and modify a bucket's CORS policy:
Select your bucket.
Click Buckets.
Click CORS Configuration.
Paste your XML policy and click Apply.
Click the remove policy link in the lower left to remove the policy. The Sample CORS Configurations link on this dialog links to a page with more information.
Example XML CORS Policies
A policy that allows hosting WebFonts on Vultr Object Storage might look like this, assuming you allow HTTP and HTTPS, for www.example.com and example.com.
<CORSConfiguration>
<CORSRule>
<ID>Allow WebFont for example.com</ID>
<AllowedOrigin>https://www.example.com</AllowedOrigin>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedOrigin>https://example.com</AllowedOrigin>
<AllowedOrigin>http://example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>ETag</ExposeHeader>
<MaxAgeSeconds>86400</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>An XML CORS policy that allows PUT, POST, and DELETE from https://www.example.com and allows GET from anywhere might look like this:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>More Information
To learn more about CORS and how to configure CORS policies, see:
- Cross-Origin Resource Sharing (CORS) at Mozilla.org
- CORS Configuration