CORS
CORS (Cross-Origin Resource Sharing) lets browser applications access files in your bucket from a different domain. Add CORS rules to specify which origins, HTTP methods, and headers are permitted.
Before you begin
- An active IBEE Solutions organization with a bucket (Create a bucket)
About CORS
- CORS allows browser applications to access your bucket files.
- Add your domain to allowed origins (e.g.,
https://myapp.com). - Use wildcards for subdomains (e.g.,
*.myapp.com).
Changes may take up to 5 minutes to propagate. CORS configuration is cached. Wait at least 5 minutes after saving before testing.
1. Go to CORS settings
Open a bucket, click the Settings tab, then click CORS in the settings sub-navigation.
3. Configure the rule
Fill in the ADD CORS RULE panel — subtitle: “Configure cross-origin resource sharing for browser access.”
Allowed Origins
Helper: “Specify which domains can access this bucket from a browser:”
Enter an origin in the input (placeholder: https://myapp.com or *.myapp.com) and click + Add Origin to add more. Use * to allow all origins.
Allowed Methods
Helper: “Select which HTTP methods are allowed:“
Allowed Headers
Helper: “Comma-separated list of headers browsers can send:” — defaults to * (allow all headers).
Verify
Your new rule appears in the CORS Policy list. Allow up to 5 minutes for the configuration to propagate before testing from a browser.
Troubleshooting
CORS rule not taking effect CORS configuration is cached. Wait at least 5 minutes after saving before testing.
Browser still blocked after adding origin
Ensure the origin exactly matches the request origin — including the protocol (https://) and no trailing slash. Use *.myapp.com for wildcard subdomain matching.
All requests blocked
Ensure the HTTP method used by your browser app (e.g. PUT for uploads) is checked in Allowed Methods.
Allowed Headers errors
If your app sends custom headers, add them explicitly or use * to allow all headers.
