CORS configuration for S3 and Azure

Cross-Origin Resource Sharing (CORS) enables web applications to securely access resources hosted on different domains. This support article explains what CORS configuration is needed for AWS S3 and Azure services when hooking up a new storage container to MediaLab. For detailed technical references, consult the AWS S3 CORS documentation and Azure CORS documentation.

Sample CORS configuration

Here’s a sample CORS configuration for an S3 bucket, with a concise explanation:

{
  "AllowedHeaders": [
    "Authorization",
    "x-amz-date",
    "x-amz-content-sha256",
    "content-type"
  ],
  "AllowedMethods": [
    "GET",
    "PUT"
  ],
  "AllowedOrigins": [
    "*"
  ],
  "ExposeHeaders": [
    "ETag",
    "Location"
  ],
  "MaxAgeSeconds": 3000
}

  • AllowedHeaders: Permits headers like Authorization (for authentication), x-amz-date and x-amz-content-sha256 (for AWS request signing), and content-type (for MIME types). These support secure, authenticated requests.
  • AllowedMethods: Allows GET (fetch objects) and PUT (upload objects).
  • AllowedOrigins: The * wildcard allows any domain to make requests. For production use, consider listing the specific origins that need access instead of the wildcard.
  • ExposeHeaders: Exposes ETag (object version identifier) and Location (new resource URL) to clients, aiding in upload verification or caching.
  • MaxAgeSeconds: Caches preflight responses for 3000 seconds (50 minutes), reducing preflight requests for better performance.
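
The following check is an added example, not code from MediaLab or AWS. It audits a CORS rule of the shape shown above for the wildcard-origin issue noted under AllowedOrigins and builds a copy pinned to explicit origins. The function names and the origin https://medialab.example are assumptions made for illustration.

```python
import copy
from urllib.parse import urlsplit

WRITE_METHODS = {"PUT", "POST", "DELETE"}

# The sample rule from this article, reproduced as a Python dict.
SAMPLE_RULE = {
    "AllowedHeaders": ["Authorization", "x-amz-date", "x-amz-content-sha256", "content-type"],
    "AllowedMethods": ["GET", "PUT"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": ["ETag", "Location"],
    "MaxAgeSeconds": 3000,
}


def audit_cors_rule(rule):
    """Return a list of (severity, message) findings for one CORS rule."""
    findings = []
    methods = {m.upper() for m in rule.get("AllowedMethods", [])}
    for origin in rule.get("AllowedOrigins", []):
        if origin == "*":
            sev = "high" if methods & WRITE_METHODS else "medium"
            findings.append((sev, "origin '*' lets a page on any site call: " + ", ".join(sorted(methods))))
        elif "*" in origin:
            findings.append(("low", f"wildcard inside {origin!r} matches more than one host"))
        elif urlsplit(origin).scheme != "https":
            findings.append(("medium", f"origin {origin!r} is not https"))
    if "*" in rule.get("AllowedHeaders", []):
        findings.append(("low", "AllowedHeaders '*' accepts any request header"))
    return findings


def pin_origins(rule, origins):
    """Return a copy of the rule limited to exact https origins."""
    for origin in origins:
        parts = urlsplit(origin)
        if parts.scheme != "https" or not parts.netloc or parts.path or "*" in origin:
            raise ValueError(f"not an exact https origin: {origin!r}")
    pinned = copy.deepcopy(rule)
    pinned["AllowedOrigins"] = list(origins)
    return pinned


if __name__ == "__main__":
    print(audit_cors_rule(SAMPLE_RULE))
    # Hypothetical origin; replace with the host your MediaLab users browse to.
    print(audit_cors_rule(pin_origins(SAMPLE_RULE, ["https://medialab.example"])))
```

An Origin value is scheme plus host (and optional port) with no trailing slash, which is why pin_origins rejects entries that carry a path.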

Hopefully you have the information you need to connect your storage container to MediaLab. If extra help is needed, please refer to your platform's CORS documentation, reach out to your cloud provider’s support team or contact MediaLab's service desk for assistance.