CORS Settings

Cross-Origin Resource Sharing (CORS) is a web browser security mechanism. It allows web applications running in a browser to access resources located on different origins. For example, JavaScript on a webpage served from www.example.com can access images, audio, video, or files stored on storage.cdnetworks.com. By default, for security reasons, browsers restrict scripts on web pages from directly accessing resources from other domains. After enabling CORS, object storage services can flexibly grant external sites permission to read content in storage buckets, enabling secure and compliant cross-origin data access.

How to Set Up Cross-Origin Resource Sharing

1. Log in to the CDNetworks Console and select Object Storage Service.
2. Click the Name of the bucket you want to manage, or click ​​Manage​​ on the far right of the corresponding bucket.
3. On the details page, click ​​Basic Settings​​ in the upper section.
4. In the Basic Settings page, find CORS Settings and click the blue Create Rule button.
5. Complete the configuration ​​in the corresponding page as required.

CDNetworks Object Storage CORS settings consist of one or more CORS rules, and each CORS rule contains the following settings:

• Allowed_Origins: the source of allowed cross-domain requests, such as www.my-domain.com, *
• Allowed_Methods: HTTP methods allowed for cross-domain requests (PUT, POST, GET, DELETE, HEAD)
• Allowed_Headers: headers allowed in the OPTIONS prefetch instruction, such as x-os-test, *
• Exposed_Headers: which allows users to access response headers from the application
• Cache Timeout(Seconds): the browser’s prefetch (OPTIONS) request for a specific resource cache time to return the result

Important Notes: Allowed Origins、Allowed Headers and Exposed Headers support multiple entries, Each line can contain one origin/header and up to one wildcard (*).