Docs

Configuring CORS for object storage

 

Share via

Confguring cross-origin resource sharing (CORS) for object storage.

Introduction  

This article describes how to configure Cross-Origin Resource Sharing (CORS) on a JASMIN Caringo S3 object store.

S3 CORS configuration  

JASMIN’s DataCore (previously Caringo) S3 object storage allows domain owners to configure Cross-Origin Resource Sharing (CORS) at bucket level. This article assumes you have read the this help article which introduces the object store and the use of the s3cmd command line tool.

Prerequisites  

You will need a valid S3 Token ID and Secret Key for the domain that you wish to modify.

e.g.

key will not be displayed again!
Token ID: <The Token for your Domain>
S3 Secret Key: <The Secret for your Domain>
Expiration Date: 2024-02-13
Owner: <Your JASMIN ID>
Description: test
See using s3cmd for instructions on generating these.

CORS XML Configuration File  

CORS configuration is set on the S3 bucket using an XML file format, as shown below:

<CORSConfiguration>
   <CORSRule>
      <AllowedOrigin>http://www.example1.com</AllowedOrigin>
      <AllowedMethod>PUT</AllowedMethod>
      <AllowedMethod>POST</AllowedMethod>
      <AllowedMethod>DELETE</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
   </CORSRule>
   <CORSRule>
      <AllowedOrigin>http://www.example2.com</AllowedOrigin>
      <AllowedMethod>PUT</AllowedMethod>
      <AllowedMethod>POST</AllowedMethod>
      <AllowedMethod>DELETE</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
   </CORSRule>
   <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
   </CORSRule>
</CORSConfiguration>

The above example shows a configuration which allows CORS access from external web sites www.example1.com  and www.example2.com  .

You can create a new file on your filesystem to store your CORS configuration using the above example as a reference. In the next step, you’ll learn how to apply this file to your bucket.

Applying CORS Settings to a Bucket  

To apply the CORS XML file you’ve created, you can use any S3 compatible client to set the CORS configuration.

The following example uses s3cmd on a Linux system.

First confirm that your s3cmd settings are correct by showing the info of the bucket.

e.g.

s3cmd info s3://testbin1
s3://testbin1/ (bucket):
   Location:  objectstore4.jc.rl.ac.uk
   Payer:     none
   Expiration Rule: none
   Policy:    {
                "Version":"2008-10-17",
                "Id":"testbin1 Policy",
                "Statement": [
                  {
                    "Sid":"1: Full access for Users",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["*"],
                    "Resource":"*"
                  },
                  {
                    "Sid":"2: Read-only access for Everyone",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["GetObject","GetBucketCORS"],
                    "Resource":"*"
                  }
                ]
              }
   CORS:      none
   ACL:       ahuggan: FULL_CONTROL

This example shows a bucket which currently doesn’t have a CORS policy set. Specifically, this is the section we’re interested in:

   CORS:      none

In this example, we’ll set a simple “allow all” CORS configuration. We’ve already created a file named test-cors-file which we will be uploading to the bucket:

<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>

Using the s3cmd command, we apply the CORS XML file to our S3 bucket:

s3cmd setcors test-cors-file s3://testbin1

(your S3 address will be different to the one shown here)

We can now run the info command to confirm that the CORS configuration from our file has been set on the bucket:

s3cmd info s3://testbin1
s3://testbin1/ (bucket):
   Location:  objectstore4.jc.rl.ac.uk
   Payer:     none
   Expiration Rule: none
   Policy:    {
                "Version":"2008-10-17",
                "Id":"testbin1 Policy",
                "Statement": [
                  {
                    "Sid":"1: Full access for Users",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["*"],
                    "Resource":"*"
                  },
                  {
                    "Sid":"2: Read-only access for Everyone",
                    "Effect":"Allow",
                    "Principal":{"anonymous":["*"]},
                    "Action":["GetObject","GetBucketCORS"],
                    "Resource":"*"
                  }
                ]
              }
   CORS:      <CORSConfiguration>
                <CORSRule>
                  <AllowedOrigin>*</AllowedOrigin>
                  <AllowedMethod>HEAD</AllowedMethod>
                  <AllowedMethod>GET</AllowedMethod>
                  <AllowedHeader>*</AllowedHeader>
                </CORSRule>
              </CORSConfiguration>
   ACL:       ahuggan: FULL_CONTROL

To delete the CORS config from the bucket, we can run the following command:

s3cmd delcors s3://testbin1
s3://testbin1/: CORS deleted
Last updated on 2024-03-22 as part of:  added cors article (6e586dbdc)
On this page:
Follow us

Social media & development