mc cors set

The mc cors set command sets the Cross-Origin Resource Sharing (CORS) configuration for a bucket from an XML file.

CORS is a browser security mechanism that controls which web domains can access your object storage from client-side JavaScript. When a web application running on one domain attempts to access objects in AIStor from a different domain, the browser checks CORS policies to determine if the request should be allowed. See the Mozilla CORS documentation for more information.

Syntax

Example Syntax

The command has the following syntax:

mc [GLOBALFLAGS] cors set ALIAS/BUCKET CORSFILE

Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.

Parameters

ALIAS

Required

The alias of the AIStor or other S3-compatible service.

BUCKET

Required

The name of the bucket for which to set the CORS configuration.

CORSFILE

Required

The path to an XML file containing the CORS configuration. Use - to read from STDIN.

The XML file must follow the S3 CORS configuration schema. See CORS Configuration Examples below.

Global flags

This command supports any of the global flags.

Examples

Set CORS configuration from a file

Use mc cors set to apply a CORS configuration from an XML file:

mc cors set myaistor/mybucket cors.xml

Replace myaistor with the alias of a configured S3-compatible host.
Replace mybucket with the name of the bucket.
Replace /path/to/cors.xml with the path to your CORS configuration file.

Set CORS configuration from STDIN

The following command uses mc cors set to set the bucket CORS config from STDIN. The CORS configuration allows all methods originating from either example.com or app.example.com.

echo "<CORSConfiguration>
  <CORSRule>
    <AllowedOrigin>https://example.com</AllowedOrigin>
    <AllowedOrigin>https://app.example.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>" | mc cors set myaistor/mybucket -

Behavior

S3 compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.

CORS rule limits

AIStor supports up to 100 CORS rules per bucket, following the S3 specification.

Fallback to global CORS

If a bucket has no CORS configuration, AIStor falls back to global CORS settings. Once bucket-specific CORS is configured, global settings no longer apply to that bucket.