Set up and view CORS configurations (original) (raw)

Skip to main content

• Technology areas

  • Overview
  • Guides
  • Reference
  • Samples
  • Resources

• Cross-product tools

• Console

• Discover

• Product overview

• Storage Intelligence overview

• Get started

• Terraform support for Cloud Storage

• Configure and manage Storage Intelligence

• Create buckets

• Create a bucket

• Domain-named bucket verification

• Access and manage buckets

• List buckets

• Change the default storage class of a bucket

• Move and rename buckets

• Delete buckets

• Upload and download objects

• About objects

• Overview of uploads and downloads

• Access and manage objects

• List objects

• Copy, rename, and move objects

• Change an object's storage class

• Tools to access and manage objects using a directory structure

• Object transcoding

• Delete objects

• Get insights on your stored data

• Analyze stored data with Gemini Cloud Assist

• Cache objects

• About caching

• Control data lifecycles

• Options for controlling data lifecycles

• Make requests

• Consistency in Cloud Storage operations

• Batched requests

• Use long-running operations

• Paginate results

• URI wildcards

• Secure data

• Access control

  • Overview
  • Bucket IP filtering
    * Overview
    * Create a bucket with IP filtering rules
    * Create or update IP filtering rules on an existing bucket
    * Get IP bucket filtering rules
    * List bucket IP filtering rules
    * Delete bucket IP filtering rules
    * Disable bucket IP filtering
    * Bypass bucket IP filtering rules
  • Sharing and collaboration scenarios
  • Access control best practices

• Monitor data and usage

• Use Cloud Audit Logs with Cloud Storage

• Usage logs and storage logs

• Use Cloud Audit Logs with storage batch operations

• Use Cloud Logs with storage batch operations

• Use Cloud Audit Logs with Storage Insights

• Use gRPC client-side metrics

• Use client-side traces

• Protection, backup, and recovery

• Overview

• Soft delete

  • Overview
  • Set and manage soft delete policies
  • Use soft-deleted objects
  • Use soft-deleted buckets
  • Set a default soft delete retention duration
  • Use soft delete recommendations
  • Disable soft delete

• Mount buckets with Cloud Storage FUSE

• Overview

• Quickstart

• Install Cloud Storage FUSE

• Mount buckets

• Performance

  • Performance tuning best practices
  • Profile-based configurations for AI/ML workloads
  • Automated configuration values for high-performance machine types
  • Use pre-configured GKE YAML files to optimize Cloud Storage FUSE performance

• Work across products, Clouds, and platforms

• Best practices for media workloads

• Interoperability

• Use Cloud Storage with Big Data

• Integration with Google Cloud Platform services and tools

• Troubleshoot

• Troubleshooting common issues

• Troubleshooting Storage Insights issues

• Troubleshooting Cloud Storage FUSE issues

Set up and view CORS configurations

Overview Configuration samples

Cross Origin Resource Sharing (CORS) allows interactions between resources from different origins, something that is normally prohibited in order to prevent malicious behavior. Use this page to learn how to set a CORS configuration on a Cloud Storage bucket and how to view the CORS configuration set on a bucket. See Configuration examples for CORS for example CORS configurations, including the configuration that disables any existing configuration on your bucket.

Required roles

To get the permissions that you need to set and view the CORS configuration on a bucket, ask your administrator to grant you the Storage Admin (roles/storage.admin) role on the bucket.

This predefined role contains the permissions required to set and view CORS configurations. To see the exact permissions that are required, expand theRequired permissions section:

Required permissions

• storage.buckets.get
• storage.buckets.update

You can also get these permissions with other predefined roles orcustom roles.

For information about granting roles on buckets, seeSet and manage IAM policies on buckets.

Set the CORS configuration on a bucket

You set a CORS configuration on a bucket by specifying information, such as HTTP methods and originating domains, that identify the types of requests the bucket can accept.

Use the following steps to set a CORS configuration on your bucket:

Console

You cannot manage CORS using the Google Cloud console. Use the gcloud CLI instead.

Command line

1. Create a JSON file with the CORS configuration you would like to apply. See configuration examples for sample JSON files.
2. Use the gcloud storage buckets update command with the--cors-file flag:
   gcloud storage buckets update gs://BUCKET_NAME --cors-file=CORS_CONFIG_FILE
   Where:
   • BUCKET_NAME is the name of the relevant bucket. For example, my-bucket.
   • CORS_CONFIG_FILE is the path to the JSON file you created in Step 1.

Client libraries

C++

For more information, see theCloud Storage C++ API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

C#

For more information, see theCloud Storage C# API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

Go

For more information, see theCloud Storage Go API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

Java

For more information, see theCloud Storage Java API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

Node.js

For more information, see theCloud Storage Node.js API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

PHP

For more information, see theCloud Storage PHP API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

Python

For more information, see theCloud Storage Python API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

Ruby

For more information, see theCloud Storage Ruby API reference documentation.

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, seeSet up authentication for client libraries.

The following sample sets a CORS configuration on a bucket:

REST APIs

JSON API

1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.
2. Create a JSON file with the CORS configuration you would like to apply. See configuration examples for sample JSON files.
3. Use cURL to call the JSON API with aPATCH Bucket request:
   curl --request PATCH \
   'https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=cors' \
   --header 'Authorization: Bearer $(gcloud auth print-access-token)' \
   --header 'Content-Type: application/json' \
   --data-binary @CORS_CONFIG_FILE
   Where:
   • BUCKET_NAME is the name of the bucket. For example, my-bucket.
   • CORS_CONFIG_FILE is the path to the JSON file you created in Step 2.

XML API

1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.
2. Create a XML file with the CORS configuration you would like to apply. See configuration examples for sample XML files.
3. Use cURL to call the XML API with aPUT Bucket request scoped to ?cors:
   curl -X PUT --data-binary @CORS_CONFIG_FILE \
   -H "Authorization: Bearer $(gcloud auth print-access-token)" \
   -H "x-goog-project-id: PROJECT_ID" \
   "https://storage.googleapis.com/BUCKET_NAME?cors"
   Where:
   • BUCKET_NAME is the name of the bucket. For example, my-bucket.
   • PROJECT_ID is the ID of the project associated with the bucket. For example, my-project.
   • CORS_CONFIG_FILE is the path to the XML file you created in Step 2.

To remove the CORS configuration for a bucket,set an empty CORS configuration.

View the CORS configuration for a bucket

To view the CORS configuration for a bucket:

Console

You cannot manage CORS using the Google Cloud console. Use the gcloud CLI instead.

Command line

Use the gcloud storage buckets describe command with the--format flag:

gcloud storage buckets describe gs://BUCKET_NAME --format="default(cors_config)"

Where BUCKET_NAME is the name of the bucket whose CORS configuration you want to view. For example, my-bucket.

Client libraries

To view the CORS configuration for a bucket using the client libraries, follow the instructions for displaying a bucket's metadata and look for the CORS field in the response:

REST APIs

JSON API

1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.
2. Use cURL to call the JSON API with aGET Bucket request:
   curl -X GET \
   -H "Authorization: Bearer $(gcloud auth print-access-token)" \
   "https://storage.googleapis.com/storage/v1/b/BUCKET_NAME?fields=cors"
   Where BUCKET_NAME is the name of the bucket whose CORS configuration you want to view. For example,my-bucket.

XML API

1. Have gcloud CLI installed and initialized, which lets you generate an access token for the Authorization header.
2. Use cURL to call the XML API with aGET Bucket request scoped to ?cors:
   curl -X GET \
   -H "Authorization: Bearer $(gcloud auth print-access-token)" \
   "https://storage.googleapis.com/BUCKET_NAME?cors"
   Where BUCKET_NAME is the name of the bucket whose CORS configuration you want to view. For example,my-bucket.

What's next

• Explore CORS configuration examples, including an example that removes the CORS configuration on a bucket.
• Learn more about CORS.
• Learn how to troubleshoot CORS requests.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-09 UTC.