Overview Configuration samples
Cross Origin Resource Sharing (CORS) allows interactions between resources from different origins, something that is normally prohibited in order to prevent malicious behavior. Use this page to learn how to set a CORS configuration on a Cloud Storage bucket and how to view the CORS configuration set on a bucket. See Configuration examples for CORS for example CORS configurations, including the configuration that disables any existing configuration on your bucket.
Required roles
To get the permissions that you need to set and view the CORS configuration
on a bucket, ask your administrator to grant you the Storage Admin
(roles/storage.admin
) role on the bucket.
This predefined role contains the permissions required to set and view CORS configurations. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
storage.buckets.get
storage.buckets.update
You can also get these permissions with other predefined roles or custom roles.
For information about granting roles on buckets, see Use IAM with buckets.
Set the CORS configuration on a bucket
You set a CORS configuration on a bucket by specifying information, such as HTTP methods and originating domains, that identify the types of requests the bucket can accept.
Use the following steps to set a CORS configuration on your bucket:
Console
You cannot manage CORS using the Google Cloud console. Use the gcloud CLI instead.
Command line
Create a JSON file with the CORS configuration you would like to apply. See configuration examples for sample JSON files.
Use the
gcloud storage buckets update
command with the--cors-file
flag:gcloud storage buckets update gs://BUCKET_NAME --cors-file=CORS_CONFIG_FILE
Where:
BUCKET_NAME
is the name of the relevant bucket. For example,my-bucket
.CORS_CONFIG_FILE
is the path to the JSON file you created in Step 1.
Client libraries
C++
For more information, see the Cloud Storage C++ API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
C#
For more information, see the Cloud Storage C# API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
Go
For more information, see the Cloud Storage Go API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
Java
For more information, see the Cloud Storage Java API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
Node.js
For more information, see the Cloud Storage Node.js API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
PHP
For more information, see the Cloud Storage PHP API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
Python
For more information, see the Cloud Storage Python API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
Ruby
For more information, see the Cloud Storage Ruby API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
The following sample sets a CORS configuration on a bucket:
REST APIs
JSON API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Create a JSON file with the CORS configuration you would like to apply. See configuration examples for sample JSON files.
Use
cURL
to call the JSON API with aPATCH
Bucket request:curl --request PATCH \ 'https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=cors' \ --header 'Authorization: Bearer $(gcloud auth print-access-token)' \ --header 'Content-Type: application/json' \ --data-binary @CORS_CONFIG_FILE
Where:
BUCKET_NAME
is the name of the bucket. For example,my-bucket
.CORS_CONFIG_FILE
is the path to the JSON file you created in Step 2.
XML API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Create a XML file with the CORS configuration you would like to apply. See configuration examples for sample XML files.
Use
cURL
to call the XML API with aPUT Bucket
request scoped to?cors
:curl -X PUT --data-binary @CORS_CONFIG_FILE \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ -H "x-goog-project-id: PROJECT_ID" \ "https://storage.googleapis.com/BUCKET_NAME?cors"
Where:
BUCKET_NAME
is the name of the bucket. For example,my-bucket
.PROJECT_ID
is the ID of the project associated with the bucket. For example,my-project
.CORS_CONFIG_FILE
is the path to the XML file you created in Step 2.
To remove the CORS configuration for a bucket, set an empty CORS configuration.
View the CORS configuration for a bucket
To view the CORS configuration for a bucket:
Console
You cannot manage CORS using the Google Cloud console. Use the gcloud CLI instead.
Command line
Use the gcloud storage buckets describe
command with the
--format
flag:
gcloud storage buckets describe gs://BUCKET_NAME --format="default(cors_config)"
Where BUCKET_NAME
is the name of the bucket
whose CORS configuration you want to view. For example, my-bucket
.
Client libraries
To view the CORS configuration for a bucket using the client libraries, follow the instructions for displaying a bucket's metadata and look for the CORS field in the response:
C++
For more information, see the Cloud Storage C++ API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
C#
For more information, see the Cloud Storage C# API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
Go
For more information, see the Cloud Storage Go API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
Java
For more information, see the Cloud Storage Java API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
Node.js
For more information, see the Cloud Storage Node.js API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
PHP
For more information, see the Cloud Storage PHP API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
Python
For more information, see the Cloud Storage Python API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
Ruby
For more information, see the Cloud Storage Ruby API reference documentation.
To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries.
REST APIs
JSON API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the JSON API with aGET
Bucket request:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=cors"
Where
BUCKET_NAME
is the name of the bucket whose CORS configuration you want to view. For example,my-bucket
.
XML API
Have gcloud CLI installed and initialized, which lets you generate an access token for the
Authorization
header.Use
cURL
to call the XML API with aGET
Bucket request scoped to?cors
:curl -X GET \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://storage.googleapis.com/BUCKET_NAME?cors"
Where
BUCKET_NAME
is the name of the bucket whose CORS configuration you want to view. For example,my-bucket
.
What's next
- Explore CORS configuration examples, including an example that removes the CORS configuration on a bucket.
- Learn more about CORS.
- Learn how to troubleshoot CORS requests.