--- title: CORS url: https://docs.vultr.com/products/storage/object-storage/advanced/cors description: A security feature that controls which websites can access resources on your server through cross-origin requests. publish_date: 2024-10-01T21:22:37.801481Z last_updated: 2026-05-26T19:42:12.865888Z --- # How to Apply CORS Policies to Vultr Object Storage Subscription Buckets Vultr Object Storage subscription allows users to configure Cross-Origin Resource Sharing (CORS) policies to control which external origins can access resources within their buckets. By setting appropriate CORS rules, users can specify which domains are permitted to interact with their stored data, along with allowed HTTP methods and headers. This feature is essential for web applications that require secure access to assets from multiple domains while ensuring data protection. Configuring CORS policies helps manage resource access while maintaining security standards. Follow this guide to apply CORS policies to Vultr Object Storage subscription buckets using `s3cmd` and AWS CLI. === "S3cmd" 1. Deploy [Vultr Object Storage subscription and create a bucket](https://docs.vultr.com/vultr-object-storage). 1. Configure `s3cmd` with Vultr Object Storage subscription. ```console $ s3cmd --configure ``` Follow the prompts and provide bucket credentials like **Access Key**, **Secret Key**, **Default Region** and **S3 Endpoint**. You can retrieve these credentials from the Vultr Object Storage subscription **Overview** page. 1. Enter the DNS-style template. For example, if you choose the New Jersey location, use `%(bucket)s.ewr1.vultrobjects.com`. ``` DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.ewr1.vultrobjects.com ``` 1. Upload a file in the bucket. Replace `LOCAL_FILE_PATH` with the local file path and `BUCKET_NAME` with your bucket name. ```console $ s3cmd put LOCAL_FILE_PATH s3://BUCKET_NAME/ ``` 1. Create a new `xml` file, such as `cors_rules.xml` to set up a CORS bucket policy. ```console $ nano cors_rules.xml ``` 1. Copy the content below and paste it into the xml file. ```xml * GET POST PUT 3000 * ``` Save and close the file. 1. Apply the CORS policy. Replace `BUCKET_NAME` with your bucket name. ```console $ s3cmd setcors cors_rules.xml s3://BUCKET_NAME ``` 1. Verify the CORS policy if needed. ```console $ s3cmd getcors s3://BUCKET_NAME ``` === "AWS CLI" 1. Deploy [Vultr Object Storage and create a bucket](https://docs.vultr.com/vultr-object-storage). 1. Configure AWS CLI with Vultr Object Storage subscription. ```console $ aws configure --profile my-config ``` Follow the prompts and provide bucket credentials like **Access Key**, **Secret Key**, and **Default Region**. These credentials can be retrieved from the overview page of the Vultr Object Storage subscription. 1. Upload a file in the bucket. Replace `HOSTNAME` with your S3 endpoint hostname, `BUCKET_NAME` with your bucket name, `OBJECT_KEY` with the destination key, and `LOCAL_FILE_PATH` with the local file path. ```console $ aws --endpoint-url https://HOSTNAME --profile my-config s3api put-object --bucket BUCKET_NAME --key OBJECT_KEY --body LOCAL_FILE_PATH ``` 1. Create a new `json` file to set up a CORS bucket policy. ```console $ nano cors_rules.json ``` 1. Copy and paste the below content into the file. ```json [ { "AllowedOrigins": ["*"], "AllowedMethods": ["GET", "POST", "PUT"], "AllowedHeaders": ["*"], "MaxAgeSeconds": 3000 } ] ``` Save and close the file. 1. Set the policy for the bucket. Replace `HOSTNAME` with your S3 endpoint hostname and `BUCKET_NAME` with your bucket name. ```console $ aws --endpoint-url https://HOSTNAME s3api put-bucket-cors --bucket BUCKET_NAME --cors-configuration file://cors_rules.json --profile my-config ``` 1. Check the policy applied to the bucket if needed. ```console $ aws --endpoint-url https://HOSTNAME s3api get-bucket-cors --bucket BUCKET_NAME --profile my-config ```