Last active
November 24, 2015 15:19
-
-
Save bool-dev/e3fb15e0e328bd2ec7c3 to your computer and use it in GitHub Desktop.
Sample CORS config for a bucket on S3 to serve static assets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> | |
| <CORSRule> | |
| <AllowedOrigin>http://example.com</AllowedOrigin> | |
| <AllowedMethod>GET</AllowedMethod> | |
| <AllowedMethod>HEAD</AllowedMethod> | |
| <MaxAgeSeconds>3000</MaxAgeSeconds> | |
| <AllowedHeader>*</AllowedHeader> | |
| </CORSRule> | |
| <CORSRule> | |
| <AllowedOrigin>https://example.com</AllowedOrigin> | |
| <AllowedMethod>GET</AllowedMethod> | |
| <AllowedMethod>HEAD</AllowedMethod> | |
| <MaxAgeSeconds>3000</MaxAgeSeconds> | |
| <AllowedHeader>*</AllowedHeader> | |
| </CORSRule> | |
| <CORSRule> | |
| <AllowedOrigin>http://*.example.com</AllowedOrigin> | |
| <AllowedMethod>GET</AllowedMethod> | |
| <AllowedMethod>HEAD</AllowedMethod> | |
| <MaxAgeSeconds>3000</MaxAgeSeconds> | |
| <AllowedHeader>*</AllowedHeader> | |
| </CORSRule> | |
| <CORSRule> | |
| <AllowedOrigin>https://*.example.com</AllowedOrigin> | |
| <AllowedMethod>GET</AllowedMethod> | |
| <AllowedMethod>HEAD</AllowedMethod> | |
| <MaxAgeSeconds>3000</MaxAgeSeconds> | |
| <AllowedHeader>*</AllowedHeader> | |
| </CORSRule> | |
| </CORSConfiguration> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This would allow for CORS Origins from any subdomain including the domain itself. From my trials I found that
*.example.comwould not includeexample.com. Hence all 4 rules are required.