...
To configure a bucket to allow cross-origin requests, create a CORS configuration, an XML document with up to 100 rules identifying the origins that can access a bucket, the operations (HTTP methods) to support for each origin, and other operation-specific information. Add the XML document as the cors subresource to the bucket.
For example, this This cors configuration on a bucket has three rules (the CORSRule elements), which do the following:
...
Element | Description |
|---|---|
AllowedMethod | Specifies which of the following values is allowed: GET, PUT, POST, DELETE, HEAD |
AllowedOrigin | Specifies the origins cross-domain requests are allowed from, for example,: |
AllowedHeader | Specifies which headers are allowed in a preflight request through the Access-Control-Request-Headers header. Each header name in the Access-Control-Request-Headers header must match a corresponding entry in the rule. Gateway sends only the allowed headers in a response requested. Each AllowedHeader string in the rule can contain at most one * wildcard character. For example, |
ExposeHeader | Identifies a header in the response clients are able to access from applications (for example, e.g. from a JavaScript XMLHttpRequest object). |
MaxAgeSeconds | Specifies the time in seconds a browser can cache the response for a preflight request as identified by the resource, the HTTP method, and the origin. By caching the response, the browser does not need to send preflight requests if the original request is to be repeated. |
...