Last active
October 20, 2020 14:03
-
-
Save heri16/892ffb19681e2ebbb90ac3baae1f37a6 to your computer and use it in GitHub Desktop.
Complete CORS Config for AWS S3 Bucket
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> | |
<CORSRule> | |
<AllowedOrigin>https://*</AllowedOrigin> | |
<AllowedMethod>HEAD</AllowedMethod> | |
<AllowedMethod>GET</AllowedMethod> | |
<AllowedMethod>PUT</AllowedMethod> | |
<AllowedMethod>POST</AllowedMethod> | |
<AllowedMethod>DELETE</AllowedMethod> | |
<AllowedHeader>*</AllowedHeader> | |
<MaxAgeSeconds>3000</MaxAgeSeconds> | |
<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers --> | |
<!-- https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html --> | |
<!-- https://github.com/w3c/ServiceWorker/issues/339#issuecomment-372304884 --> | |
<ExposeHeader>Content-Range</ExposeHeader> | |
<ExposeHeader>Content-Disposition</ExposeHeader> | |
<ExposeHeader>Content-Location</ExposeHeader> | |
<ExposeHeader>Content-Encoding</ExposeHeader> | |
<ExposeHeader>Content-Length</ExposeHeader> | |
<ExposeHeader>Date</ExposeHeader> | |
<ExposeHeader>ETag</ExposeHeader> | |
<ExposeHeader>Server</ExposeHeader> | |
<ExposeHeader>x-amz-delete-marker</ExposeHeader> | |
<ExposeHeader>x-amz-id-2</ExposeHeader> | |
<ExposeHeader>x-amz-request-id</ExposeHeader> | |
<ExposeHeader>x-amz-version-id</ExposeHeader> | |
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader> | |
</CORSRule> | |
</CORSConfiguration> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
References
Fetch: Cross-Origin Requests: https://javascript.info/fetch-crossorigin#why-is-cors-needed-a-brief-history
Deep dive into CORS configs on Amazon S3: https://aws.amazon.com/blogs/media/deep-dive-into-cors-configs-on-aws-s3-how-to/
Browser Script Considerations (CORS): https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/cors.html