Configuring CORS when responding to clients
Note
To make sure cross-domain requests work correctly, additionally set up CORS on a source if the source supports this mechanism. For example, CORS configuration is required for Object Storage buckets.
To configure cross-domain requests with CORS for the resource:
-
In the management console
, select the folder where your resource is located. -
Select Cloud CDN.
-
Click the resource name.
-
Go to the HTTP headers and methods tab.
-
In the top-right corner, click
Edit. -
Under CORS when responding to client requests:
- In the Access-Control-Allow-Origin header field, specify whether to add this header to responses.
- When adding a header, select the values of the
Origin
header that allow access to the content. To grant access only to specific origins, selectSame as Origin if on the list
, specify the origin domain names and click Add domain name.
-
Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI update resource command:
yc cdn resource update --help
-
Get a list of all resources in the default folder:
yc cdn resource list --format yaml
Result:
id: s0me1dkfjq******** folder_id: s0mef01der7p******** cname: testexample.com created_at: "2022-01-19T09:23:57.921365Z" updated_at: "2022-01-19T10:55:30.305141Z" active: true options: edge_cache_settings: enabled: true default value: "345600" cache_http_headers: enabled: true value: - content-type - content-length - connection - server - date - test stale: enabled: true value: - error - updating allowed_http_methods: value: - GET - POST - HEAD - OPTIONS origin_group_id: "89783" origin_group_name: My origins group origin_protocol: HTTP ssl_certificate: type: DONT_USE status: READY
-
To enable adding the
Access-Control-Allow-Origin
header, use the--cors
flag:yc cdn resource update <resource_ID> --cors <CORS_value>
The
*
and"$http_origin"
values grant access to content with anyOrigin
header value. To only grant access to specific origins, specify"$http_origin"
and the origin domain names:["domain.com", "second.dom.com"]
.For more information about the
yc cdn resource update
command, see the CLI reference.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
-
In the configuration file, describe the parameters of the CDN resource to create:
terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "0.69.0" } } } provider "yandex" { token = "<OAuth_token>" cloud_id = "<cloud_ID>" folder_id = "<folder_ID>" zone = "<availability_zone>" } resource "yandex_cdn_resource" "my_resource" { cname = "cdn1.yandex-example.ru" active = false origin_protocol = "https" secondary_hostnames = ["cdn-example-1.yandex.ru", "cdn-example-2.yandex.ru"] origin_group_id = yandex_cdn_origin_group.my_group.id options { allowed_http_methods = ["GET","PUT"] cors = ["*"] } }
Where:
cname
: Primary domain name used for content distribution. This is a required parameter.active
: Flag indicating content availablity to end users.True
: CDN content will be available to clients. This is an optional parameter. The default value istrue
.origin_protocol
: Protocol for origins. This is an optional parameter. The default value ishttp
.secondary_hostnames
: Additional domain names. This is an optional parameter.origin_group_id
: Origin group ID. This is a required parameter. Use the ID from the description of the origin group in theyandex_cdn_origin_group
resource.- The
options
section contains additional parameters of CDN resources:cors
: Value the CDN will send in theAccess-Control-Allow-Origin
header in response to a CORS request.allowed_http_methods
: HTTP methods allowed for your CDN content. By default, the following methods are allowed:GET
,HEAD
,POST
,PUT
,PATCH
,DELETE
, andOPTIONS
. If the user is not allowed to use any method, they will get the405
Method Not Allowed response. For methods that are not supported, the user will get501
(Not Implemented). This is an optional parameter. Its default values areGET
,HEAD
,POST
, andOPTIONS
.
For more information about the
yandex_cdn_resource
parameters in Terraform, see the relevant provider documentation . -
In the command line, go to the folder with the Terraform configuration file.
-
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can check the changes to the CDN resource in the management console
or using this CLI command:yc cdn resource list
Use the update REST API method for the Resource resource or the ResourceService/Update gRPC API call.
It may take up to 15 minutes for the new settings of the existing resource to apply to CDN servers. After that, we recommend purging the resource cache.