Configuring CORS
Object Storage allows you to manage CORS configurations in the bucket.
- In the management console
, go to the bucket you want to configure CORS for. - In the left-hand menu, select CORS.
- Click Configure.
- This will open a page where you can add, delete, and edit configuration rules. For a detailed description of the configuration fields, see CORS configuration of buckets.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View a description of the CLI command to update a bucket:
yc storage bucket update --help
-
Get a list of buckets in the default folder:
yc storage bucket list
Result:
+------------------+----------------------+-------------+-----------------------+---------------------+ | NAME | FOLDER ID | MAX SIZE | DEFAULT STORAGE CLASS | CREATED AT | +------------------+----------------------+-------------+-----------------------+---------------------+ | first-bucket | b1gmit33ngp6******** | 53687091200 | STANDARD | 2022-12-16 13:58:18 | +------------------+----------------------+-------------+-----------------------+---------------------+
-
Using the
NAME
column, save the name of the bucket to set up the CORS configuration in. -
Run this command:
yc storage bucket update \ --name <bucket_name> \ --cors <CORS_parameter>='[<set_of_values>]',<CORS_parameter>='[<set_of_values>]',...
Where:
-
--name
: Name of the bucket to set up the CORS configuration in. -
--cors
: CORS parameters:allowed-methods
: List of methods. Possible values:method-get
,method-put
,method-post
,method-delete
, andmethod-head
. This is a required parameter.allowed-origins
: List of websites that allow sending cross-domain requests to a bucket. This is a required parameter.allowed-headers
: List of allowed headers. This is an optional parameter.expose-headers
: List of headers that can be displayed in a JavaScript app in the browser. This is an optional parameter.max-age-seconds
: Time in seconds during which the browser caches the results of requests to an object. This is an optional parameter.
Parameter values are specified in quotes and square brackets. List items in values are separated by commas with no spaces, e.g.,
--cors allowed-methods='[method-get,method-head]',allowed-origins='[example.com]'
.Permissions specified in the command override the current CORS settings of the bucket. You can retrieve the current permissions using the
yc storage bucket get <bucket_name> --full
.Result:
name: first-bucket folder_id: b1gmit33ngp6******** default_storage_class: STANDARD versioning: VERSIONING_DISABLED max_size: "53687091200" acl: {} created_at: "2022-11-25T11:48:42.024638Z"
-
To remove the CORS configuration, run this command:
yc storage bucket update \
--name <bucket_name> \
--remove-cors
To upload a configuration via the AWS CLI:
-
Describe the CORS object configurations in JSON format. For example:
{ "CORSRules": [ { "AllowedHeaders": ["*"], "AllowedMethods": ["GET", "HEAD", "PUT", "DELETE"], "MaxAgeSeconds": 3000, "AllowedOrigins": ["*"] } ] }
When ready, you can save your configuration into a file, e.g.,
cors.json
. -
Upload the configuration to the bucket, e.g.,
shared-bucket
:aws s3api put-bucket-cors \ --bucket shared-bucket \ --cors-configuration file://cors.json \ --endpoint-url=https://storage.yandexcloud.net
Note
Terraform uses a service account to interact with Object Storage. Assign to the service account the required role, e.g., storage.admin
, for the folder where you are going to create resources.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
Retrieve static access keys: a static key and a key ID used to authenticate in Object Storage.
-
In the configuration file, describe the parameters of the resources you want to create:
provider "yandex" { cloud_id = "<cloud_ID>" folder_id = "<folder_ID>" zone = "<availability_zone>" token = "<OAuth_token>" } resource "yandex_iam_service_account" "sa" { name = "<service_account_name>" } // Assigning roles to a service account resource "yandex_resourcemanager_folder_iam_member" "sa-admin" { folder_id = "<folder_ID>" role = "storage.admin" member = "serviceAccount:${yandex_iam_service_account.sa.id}" } // Creating a static access key resource "yandex_iam_service_account_static_access_key" "sa-static-key" { service_account_id = yandex_iam_service_account.sa.id description = "static access key for object storage" } resource "yandex_storage_bucket" "b" { bucket = "s3-website-test.hashicorp.com" acl = "public-read" access_key = yandex_iam_service_account_static_access_key.sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.sa-static-key.secret_key cors_rule { allowed_headers = ["*"] allowed_methods = ["PUT", "POST"] allowed_origins = ["https://s3-website-test.hashicorp.com"] expose_headers = ["ETag"] max_age_seconds = 3000 } }
Where:
access_key
: Static access key ID.secret_key
: Secret access key value.bucket
: Bucket name. This is a required parameter.acl
: Applied ACL policy. This is an optional parameter.
CORS
parameters:allowed_headers
: Allowed headers. This is an optional parameter.allowed_methods
: Allowed methods. Possible values:GET
,PUT
,POST
,DELETE
, andHEAD
. This is a required parameter.allowed_origins
: Website that allows sending cross-domain requests to a bucket. This is a required parameter.expose_headers
: Header that can be displayed in a JavaScript app in the browser. This is an optional parameter.max_age_seconds
: Time in seconds during which the browser caches the results of requests to an object. This is an optional parameter.server_side_encryption_configuration
: Bucket encryption settings on the server side. This is an optional parameter.
For more information about the resources that you can create with Terraform, see the provider documentation
. -
Make sure the configuration files are correct.
-
In the command line, go to the folder where you created the configuration file.
-
Run a check using this command:
terraform plan
If the configuration is described correctly, the terminal will display a list of created resources and their parameters. If the configuration contains any errors, Terraform will point them out.
-
-
Deploy cloud resources.
-
If the configuration does not contain any errors, run this command:
terraform apply
-
Confirm that you want to create the resources.
All the resources you need will then be created in the specified folder. You can check the new resources and their configuration using the management console
. -
To manage CORS configurations for buckets, use the update REST API method for the Bucket resource, the BucketService/Update gRPC API call, or the upload S3 API method.