Correct CORS Configuration for Spaces

Hey guys,

I use Spaces as my S3 bucket and everything works fine when authenticating server-side using an SDK. However to uploads files directly to the Bucket I need to make a PUT request from javascript.

I configured CORS and set the Origin to my host, selected PUT in Allowed Methods and set * as Allowed Headers. I don’t really want to use the asterisk in Allowed Headers but it seems thats the only way to make it work. It doesn’t matter what Headers I put in as long as the asterisk is missing the Preflight request is rejected. I added all kinds of headers (all headers the request sends when * is set and the request comes through, including default CORS headers, Accept, User-Agent and whatnot). DO Spaces blocks all requests when the asterisk is not set.

Is there any official documentation on how to configure DO Spaces to allow PUT requests via CORS?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

This comment has been deleted

This comment has been deleted

This comment has been deleted


What I could suggest is to try adding for both HTTP and HTTPS and also for all subdomains using wildcard in the DigitalOcean settings for space.

For example:


Let me know how it goes!