head
, get
, and post
without requiring any CORS rules to be in place. For example, embedded images from other websites use a get request to pull the data from the other website’s origin.http://www.example.com
. The origin string can contain only one * wildcard character, such as http://*.example.com
. You can optionally specify * as the origin to enable all the origins to send cross-origin requests. You can also specify https to enable only secure origins.http://www.example.com
origin, with a MaxAgeSeconds of 3000 and ExposeHeaders of x-amz-server-side-encryption, x-amz-request-id, and x-amz-id-2.aws --endpoint https://s3.filebase.com s3api put-bucket-cors --bucket bucket-name --cors-configuration=file://corspolicy.json
aws --endpoint https://s3.filebase.com s3api get-bucket-cors --bucket bucket-name