Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Cloud CDN
  • Getting started
    • All guides
    • Connecting to a Cloud CDN provider
      • Creating a resource
      • Updating basic settings of a resource
      • Getting information about a resource
      • Configuring resource caching
      • Configuring log export
      • Pre-loading files to CDN servers
      • Purging resource cache
      • Configuring request and response headers
      • Configuring CORS for responses to clients
      • Configuring HTTP methods
      • Enabling file compression
      • Enabling file segmentation
      • Enabling origin shielding
      • Configuring request redirection
      • Setting up access via a secure token
      • Managing additional resource settings
      • Disabling a resource
      • Managing resource labels
      • Deleting a resource
      • Viewing resource statistics
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  • Troubleshooting
  1. Step-by-step guides
  2. Resources
  3. Configuring CORS for responses to clients

Configuring CORS for responses to clients

Written by
Yandex Cloud
Updated at June 11, 2025

Note

To make sure cross-domain requests are enabled, additionally set up CORS on a source if the source supports this mechanism. For example, CORS configuration is required for Object Storage buckets.

To configure cross-domain requests with CORS for the resource:

Management console
CLI
Terraform
API
  1. In the management console, select the folder where your resource is located.

  2. Select Cloud CDN.

  3. Click the resource name.

  4. Navigate to the HTTP headers and methods tab.

  5. In the top-right corner, click Edit.

  6. Under CORS when responding to client requests:

    • In the Access-Control-Allow-Origin header field, specify whether to add this header to responses.
    • When adding a header, select the values of the Origin header that allow access to the content. To grant access only to specific origins, select Same as Origin if on the list, specify the origin domain names and click Add domain name.
  7. Click Save.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command to update a resource:

    yc cdn resource update --help
    
  2. Get a list of all resources in the default folder:

    yc cdn resource list --format yaml
    

    Result:

    id: s0me1dkfjq********
    folder_id: s0mef01der7p********
    cname: testexample.com
    created_at: "2022-01-19T09:23:57.921365Z"
    updated_at: "2022-01-19T10:55:30.305141Z"
    active: true
    options:
      edge_cache_settings:
        enabled: true
        default value: "345600"
      cache_http_headers:
        enabled: true
        value:
        - content-type
        - content-length
        - connection
        - server
        - date
        - test
      stale:
        enabled: true
        value:
        - error
        - updating
      allowed_http_methods:
        value:
        - GET
        - POST
        - HEAD
        - OPTIONS
    origin_group_id: "89783"
    origin_group_name: My origins group
    origin_protocol: HTTP
    ssl_certificate:
      type: DONT_USE
      status: READY
    
  3. To enable adding the Access-Control-Allow-Origin header, use the --cors parameter:

    yc cdn resource update <resource_ID> --cors <CORS_value>
    

    The * and "$http_origin" values allow access to content with any Origin header value. To allow access only to specific origins, specify "$http_origin" and the origin domain names: ["domain.com", "second.dom.com"].

    For more information about the yc cdn resource update command, see the CLI reference.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. In the configuration file, describe the properties of the CDN resource to create:

    terraform {
      required_providers {
        yandex = {
          source  = "yandex-cloud/yandex"
          version = "0.69.0"
        }
      }
    }
    
    provider "yandex" {
      token     = "<OAuth_token>"
      cloud_id  = "<cloud_ID>"
      folder_id = "<folder_ID>"
      zone      = "<availability_zone>"
    }
    
    resource "yandex_cdn_resource" "my_resource" {
        cname               = "cdn1.yandex-example.ru"
        active              = false
        origin_protocol     = "https"
        secondary_hostnames = ["cdn-example-1.yandex.ru", "cdn-example-2.yandex.ru"]
        origin_group_id     = yandex_cdn_origin_group.my_group.id
        options {
          allowed_http_methods = ["GET","PUT"]
          cors                 = ["*"]
        }
    
    }
    

    Where:

    • cname: Primary domain name used for content distribution. This is a required parameter.
    • active: Flag indicating content availability to end users. True: CDN content will be available to clients. This is an optional parameter. The default value is true.
    • origin_protocol: Protocol for origins. This is an optional parameter. The default value is http.
    • secondary_hostnames: Additional domain names. This is an optional parameter.
    • origin_group_id: Origin group ID. This is a required parameter. Use the ID from the description of the origin group in the yandex_cdn_origin_group resource.
    • The options section contains additional parameters of CDN resources:
      • cors: Value the CDN will send in the Access-Control-Allow-Origin header in response to a CORS request.
      • allowed_http_methods: HTTP methods allowed for your CDN content. By default, the following methods are allowed: GET, HEAD, POST, PUT, PATCH, DELETE, and OPTIONS. If the user is not allowed to use any method, they will get the 405 Method Not Allowed response. For methods that are not supported, the user will get 501 (Not Implemented). This is an optional parameter. Its default values are GET, HEAD, POST, and OPTIONS.

    For more information about the yandex_cdn_resource properties in Terraform, see the provider documentation.

  2. In the command line, go to the directory with the Terraform configuration file.

  3. Check the configuration using this command:

    terraform validate
    

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.
    
  4. Run this command:

    terraform plan
    

    You will see a detailed list of resources. No changes will be made at this step. If the configuration contains errors, Terraform will show them.

  5. Apply the changes:

    terraform apply
    
  6. Type yes and press Enter to confirm the changes.

    You can check the CDN resource update in the management console or using this CLI command:

    yc cdn resource list
    

Use the update REST API method for the Resource resource or the ResourceService/Update gRPC API call.

It may take up to 15 minutes for the new settings of the existing resource to apply to the CDN servers. After that, we recommend purging the resource cache.

Was the article helpful?

Previous
Configuring request and response headers
Next
Configuring HTTP methods
© 2025 Direct Cursus Technology L.L.C.