Cross-origin resource sharing (CORS) creates a way for client web applications located on one domain to have the ability to interact with resources located on a different domain. With CORS, websites and applications can access files and resources stored on Filebase buckets.

Creating a CORS Rule for a Filebase Bucket

The Filebase S3-compatible API supports CORS configurations for buckets.

The following API methods are supported:

• GetBucketCors

• PutBucketCors

• DeleteBucketCors

To configure a Filebase bucket to allow cross-origin requests, you will need to create a CORS rule. This rule identifies the origins that you will allow to access your bucket, the HTTP methods that will be supported for each origin, and other operation specific information.

This rule can be a JSON or XML file, though if using AWS CLI to apply this rule, a .json file is required.

Example #1 JSON:

This example is a wildcard rule that allows cross-origin GET requests from all origins.

{
"CORSRules":[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
    ]
}

Example #1 XML:

<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
    </CORSRule>
</CORSConfiguration>

Example #2 JSON:

CORS also allows optional configuration parameters, as shown in the following CORS rule.

• MaxAgeSeconds: Specifies the amount of time in seconds that the browser caches a response to a preflight OPTIONS request for the specified resource.

• ExposeHeader: Identifies the response headers that customers are able to access from their applications. In this example, x-amz-server-side-encryption, x-amz-request-id, and x-amz-id-2.

In this second example, the CORS rule allows cross-origin PUT, POST, and DELETE requests from the http://www.example.com origin, with a MaxAgeSeconds of 3000 and ExposeHeaders of x-amz-server-side-encryption, x-amz-request-id, and x-amz-id-2.

{
"CORSRules": [
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "http://www.example.com"
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ],
        "MaxAgeSeconds": 3000
    }
    ]
}

Example #2 XML:

<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
<ExposeHeader>x-amz-request-id</ExposeHeader>
<ExposeHeader>x-amz-id-2</ExposeHeader>
</CORSRule>
</CORSConfiguration>

Applying a CORS Rule to a Filebase Bucket

To apply a CORS rule, you can use a tool such as the AWS CLI to apply the .json file you created containing the rule. For information on how to configure AWS CLI, see here.

From the command line, enter the following command to apply the CORS rule to the intended Filebase bucket:

aws --endpoint https://s3.filebase.com s3api put-bucket-cors --bucket bucket-name --cors-configuration=file://corspolicy.json

Testing the CORS Configuration

You can confirm that the CORS configuration for the bucket was applied successfully by using the command:

aws --endpoint https://s3.filebase.com s3api get-bucket-cors --bucket bucket-name

For a full list of supported S3 API calls, see here.