Quick notes on setting up Amazon s3 CORS headers

It took me way too long to figure out how to get S3 cors headers working, here are my notes.

  1. In the S3 interface, click the magnifying glass icon to the left of your bucket.
  2. Click the “Edit CORS Configuration” button. It should be right next to “Add Bucket Policy”
  3. You should already have a CORS XML file in here, if not mine looked like this :
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
  1. This CORS header allows all websites to perform GET requests against this resource.
  2. To reference the file, you must use the url structure [bucket].s3.amazonaws.com/[object]
  3. If using an img tag, it must contain the attribute crossorigin="anonymous". Read more here.

Check out MDN for more information about CORS headers.

Posted toTechon7/5/2014