DigitalOcean

Report this

What is the reason for this report?
Question

CORS header ‘Access-Control-Allow-Origin’ missing

Posted on November 11, 2025
DigitalOcean Spaces
devjk1

By devjk1

I am running into a Reason: CORS header ‘Access-Control-Allow-Origin’ missing, while uploading a file through my app. Is this error only caused by a misconfiguration of CORS? I believe I have set CORS correctly according to the CORS guide on DigitalOcean.

I have set the CORS Configuration as the guide states. Origin: https://*.mydomain.website Allowed Methods: all five methods Max Age: 5

In my browser: https://mydomain.website/audios/create

Console error

OPTIONS
https://my-bucket.sfo3.digitaloceanspaces.com/audios/8a2caa034ff2225df2daafb2d441e63c6d4f4de41a411b6b3200b9017cc579cf
?x-amz-acl=public-read
&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=DO801MLCGYQT3V2WGZHN/20251111/us-east-1/s3/aws4_request
&X-Amz-Date=20251111T015924Z
&X-Amz-SignedHeaders=host;x-amz-acl
&X-Amz-Expires=300
&X-Amz-Signature=7363d0df0a7430661bdf1f8600e9977b71f608e052c21905313659bd711ec24c

Any help is greatly appreciated.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
alexdo
alexdo
November 12, 2025

Heya, @devjk1

That error usually means your presigned URL is signed for the wrong region, not just a CORS issue.

You’re uploading to

https://my-bucket.sfo3.digitaloceanspaces.com

but the signature says

.../us-east-1/s3/aws4_request

That mismatch makes Spaces return a 403 with no CORS headers, so the browser shows “CORS header missing.”

You can regenerate the presigned URL using the correct region (sfo3) and endpoint. Example:

const s3 = new S3Client({
  region: "sfo3",
  endpoint: "https://sfo3.digitaloceanspaces.com",
});

Then check your CORS config — list exact origins (no wildcards), include PUT, GET, POST, DELETE, HEAD, and allow all headers (*).

Once the region and CORS rules match, the upload will work.

Hope that this helps!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.