Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Configuring CORS

Written by
Updated at October 28, 2024

Object Storage allows you to manage CORS configurations in the bucket.

  1. In the management console, go to the bucket you want to configure CORS for.
  2. In the left-hand menu, select CORS.
  3. Click Configure.
  4. This will open a page where you can add, delete, and edit configuration rules. For a detailed description of the configuration fields, see CORS configuration of buckets.

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command to update a bucket:

    yc storage bucket update --help

  2. Get a list of buckets in the default folder:

    yc storage bucket list

    Result:

    +------------------+----------------------+-------------+-----------------------+---------------------+
|       NAME       |      FOLDER ID       |  MAX SIZE   | DEFAULT STORAGE CLASS |     CREATED AT      |
+------------------+----------------------+-------------+-----------------------+---------------------+
| first-bucket     | b1gmit33ngp6******** | 53687091200 | STANDARD              | 2022-12-16 13:58:18 |
+------------------+----------------------+-------------+-----------------------+---------------------+

  3. Using the NAME column, save the name of the bucket to set up the CORS configuration in.

  4. Run this command:

    yc storage bucket update \
  --name <bucket_name> \
  --cors <CORS_parameter>='[<set_of_values>]',<CORS_parameter>='[<set_of_values>]',...

    Where:

    • --name: Name of the bucket to set up the CORS configuration in.

    • --cors: CORS parameters:

      • allowed-methods: List of methods. Possible values: method-get, method-put, method-post, method-delete, and method-head. This is a required parameter.
      • allowed-origins: List of websites that allow sending cross-domain requests to a bucket. This is a required parameter.
      • allowed-headers: List of allowed headers. This is an optional parameter.
      • expose-headers: List of headers that can be displayed in a JavaScript app in the browser. This is an optional parameter.
      • max-age-seconds: Time in seconds during which the browser caches the results of requests to an object. This is an optional parameter.

      Parameter values are specified in quotes and square brackets. List items in values are separated by commas with no spaces. For example, --cors allowed-methods='[method-get,method-head]',allowed-origins='[example.com]'.

      Permissions specified in the command override the current CORS settings of the bucket. You can retrieve the current permissions using the yc storage bucket get <bucket_name> --full.

      Result:

      name: first-bucket
folder_id: b1gmit33ngp6********
default_storage_class: STANDARD
versioning: VERSIONING_DISABLED
max_size: "53687091200"
acl: {}
created_at: "2022-11-25T11:48:42.024638Z"

To remove the CORS configuration, run this command:

yc storage bucket update \
  --name <bucket_name> \
  --remove-cors

To upload a configuration via the AWS CLI:

  1. Describe the CORS object configurations in JSON format. Here is an example:

    {
  "CORSRules": [
    {
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["GET", "HEAD", "PUT", "DELETE"],
      "MaxAgeSeconds": 3000,
      "AllowedOrigins": ["*"]
    }
  ]
}

    When ready, you can save your configuration into a file, e.g., cors.json.

  2. Upload the configuration to the bucket, e.g., shared-bucket:

    aws s3api put-bucket-cors \
  --bucket shared-bucket \
  --cors-configuration file://cors.json \
  --endpoint-url=https://storage.yandexcloud.net

Note

Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin, for the folder where you are going to create resources.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Retrieve static access keys: a static key and a key ID used to authenticate in Object Storage.

  1. In the configuration file, describe the parameters of the resources you want to create:

    provider "yandex" {
  cloud_id  = "<cloud_ID>"
  folder_id = "<folder_ID>"
  zone      = "<availability_zone>"
  token     = "<OAuth_token>"
  }

resource "yandex_iam_service_account" "sa" {
  name = "<service_account_name>"
}

// Assigning a role to a service account
resource "yandex_resourcemanager_folder_iam_member" "sa-admin" {
  folder_id = "<folder_ID>"
  role      = "storage.admin"
  member    = "serviceAccount:${yandex_iam_service_account.sa.id}"
}

// Creating a static access key
resource "yandex_iam_service_account_static_access_key" "sa-static-key" {
  service_account_id = yandex_iam_service_account.sa.id
  description        = "static access key for object storage"
}

resource "yandex_storage_bucket" "b" {
  bucket = "s3-website-test.hashicorp.com"
  acl    = "public-read"

  access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key
  secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["PUT", "POST"]
    allowed_origins = ["https://s3-website-test.hashicorp.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }
}

    Where:

    • access_key: Static access key ID.
    • secret_key: Secret access key value.
    • bucket: Bucket name. This is a required parameter.
    • acl: Applied ACL policy. This is an optional parameter.

    CORS parameters:

    • allowed_headers: Allowed headers. This is an optional parameter.
    • allowed_methods: Allowed methods. The possible values are GET, PUT, POST, DELETE or HEAD. This is a required parameter.
    • allowed_origins: Website that allows sending cross-domain requests to a bucket. This is a required parameter.
    • expose_headers: Header that can be displayed in a JavaScript app in the browser. This is an optional parameter.
    • max_age_seconds: Time in seconds during which the browser caches the results of requests to an object. This is an optional parameter.
    • server_side_encryption_configuration: Bucket encryption settings on the server side. This is an optional parameter.

    For more information about the resources you can create with Terraform, see the provider documentation.

  2. Make sure the configuration files are correct.

    1. In the command line, go to the folder where you created the configuration file.

    2. Run a check using this command:

      terraform plan

    If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.

  3. Deploy cloud resources.

    1. If the configuration does not contain any errors, run this command:

      terraform apply

    2. Confirm that you want to create the resources.

    All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console.

To manage CORS configurations for buckets, use the update REST API method for the Bucket resource, the BucketService/Update gRPC API call, or the upload S3 API method.

Previous
Managing object lifecycles
Next
Configuring access permissions using IAM