Cross-Origin Resource Sharing.

Enable secure cross-domain access to your Filebase buckets with configurable CORS policies.

What is CORS?

Cross-Origin Resource Sharing (CORS) is a security mechanism that allows web applications to access resources from a different origin than their own.

When a web browser loads a website, it typically enforces the Same-Origin Policy (SOP), which restricts web pages to requesting data only from their own origin.

Origin Security

Control which domains can access your bucket resources through specific origin configurations.

Cross-Domain Access

Enable web applications to securely request resources from different domains, protocols, or ports.

Request Control

Specify which HTTP methods and headers are allowed for cross-origin requests.

Browser Protection

Work with browser security mechanisms to ensure safe cross-origin data sharing.

Implementation Guide

Follow this step-by-step guide to configure CORS for your Filebase buckets.

Make sure you have the AWS CLI installed and configured with your Filebase credentials.

Step 1

Basic Configuration

Create a CORS configuration file (corspolicy.json) that allows cross-origin GET requests from all origins. This is useful for public read access.

corspolicy.json
{
  "CORSRules": [
    {
      "AllowedHeaders": [],
      "AllowedMethods": ["GET"],
      "AllowedOrigins": ["*"],
      "ExposeHeaders": []
    }
  ]
}
Step 2

Advanced Configuration

For more control, you can specify allowed methods, headers, and cache duration. This example allows specific operations from example.com with custom headers.

corspolicy.json
{
  "CORSRules": [
    {
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["PUT", "POST", "DELETE"],
      "AllowedOrigins": ["http://www.example.com"],
      "ExposeHeaders": [
        "x-amz-server-side-encryption",
        "x-amz-request-id",
        "x-amz-id-2"
      ],
      "MaxAgeSeconds": 3000
    }
  ]
}
Step 3

Apply & Verify

Use the AWS CLI to apply the CORS configuration to your bucket. Make sure you have configured AWS CLI with your Filebase credentials first.

terminal
# Configure AWS CLI (if not already done)
aws configure
# Access Key ID: Your-Filebase-Access-Key
# Secret Access Key: Your-Filebase-Secret-Key
# Region: us-east-1
# Output Format: Optional

# Apply CORS configuration
aws --endpoint-url https://s3.filebase.com s3api put-bucket-cors \
    --bucket your-bucket-name \
    --cors-configuration file://corspolicy.json

# Verify configuration
aws --endpoint-url https://s3.filebase.com s3api get-bucket-cors \
    --bucket your-bucket-name

Configuration Builder

Generate a CORS configuration file based on your access requirements.

corspolicy.json
{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "*"
      ],
      "AllowedMethods": [
        "GET"
      ],
      "AllowedOrigins": [
        "*"
      ],
      "ExposeHeaders": []
    }
  ]
}

Basic Configuration

A simple configuration that allows GET requests from any origin. This is suitable for basic testing and public read-only access to your bucket resources.

Understanding CORS

Learn how CORS works and best practices for implementation.

Request Types

Simple Requests

Basic GET or POST requests that don't require preflight checks. The browser automatically sets CORS headers.

Preflight Requests

Complex requests that require an OPTIONS check before the actual request. Used for custom headers or methods.

CORS Configuration Elements

AllowedOrigins

Specify which domains can access your resources

["http://www.example.com", "https://*.trusted-domain.com"]

AllowedMethods

HTTP methods permitted for cross-origin requests

["GET", "PUT", "POST", "DELETE"]

AllowedHeaders

Custom headers allowed in requests

["*"] or ["x-custom-header"]

ExposeHeaders

Headers that browsers are allowed to access

["x-amz-server-side-encryption", "x-amz-request-id"]

MaxAgeSeconds

How long browsers should cache preflight results

3000

Best Practices

Security Considerations

Origin Specification

Use exact domain origins in production environments instead of wildcards

Method Restriction

Only allow necessary HTTP methods to minimize attack surface

Header Control

Explicitly specify allowed headers rather than using wildcards

Performance Optimization

Preflight Caching

Set appropriate MaxAgeSeconds to reduce preflight requests

Header Minimization

Only expose necessary headers to reduce response size
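
The practices above can be checked mechanically before a policy is applied. The following is an added example, not Filebase code: it audits the Step 1 and Step 2 policies from this page, and the function name `audit_cors`, its `needed_methods` parameter and the finding labels are assumptions made for illustration.

```python
import json

# The two policies from Step 1 and Step 2 of this page, embedded so the script runs offline.
BASIC = json.loads('''{"CORSRules": [{"AllowedHeaders": [], "AllowedMethods": ["GET"],
  "AllowedOrigins": ["*"], "ExposeHeaders": []}]}''')
ADVANCED = json.loads('''{"CORSRules": [{"AllowedHeaders": ["*"],
  "AllowedMethods": ["PUT", "POST", "DELETE"],
  "AllowedOrigins": ["http://www.example.com"],
  "ExposeHeaders": ["x-amz-server-side-encryption", "x-amz-request-id", "x-amz-id-2"],
  "MaxAgeSeconds": 3000}]}''')


def audit_cors(policy, needed_methods):
    """Return sorted (rule_index, finding) pairs for a parsed corspolicy.json.

    needed_methods: the HTTP methods the web app actually uses (caller-supplied,
    hypothetical parameter; the policy format itself has no such field).
    """
    findings = []
    for i, rule in enumerate(policy.get("CORSRules", [])):
        # Origin Specification: exact origins instead of wildcards.
        for origin in rule.get("AllowedOrigins", []):
            if "*" in origin:
                findings.append((i, f"wildcard-origin:{origin}"))
        # Method Restriction: anything beyond what the app needs is extra surface.
        for method in rule.get("AllowedMethods", []):
            if method.upper() not in needed_methods:
                findings.append((i, f"unneeded-method:{method}"))
        # Header Control: explicit header names rather than "*".
        if any("*" in h for h in rule.get("AllowedHeaders", [])):
            findings.append((i, "wildcard-headers"))
        # Preflight Caching: without MaxAgeSeconds the rule sets no cache time.
        if "MaxAgeSeconds" not in rule:
            findings.append((i, "no-max-age"))
    return sorted(findings)


if __name__ == "__main__":
    for name, policy, needed in (("basic", BASIC, {"GET"}), ("advanced", ADVANCED, {"PUT"})):
        for idx, finding in audit_cors(policy, needed):
            print(f"{name}: rule {idx}: {finding}")
```

To audit a live bucket, pass the JSON returned by `get-bucket-cors` through `json.loads` and hand the result to `audit_cors`.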
