I wanted to setup CORS for the image assets hosted on spaces, I want them to be accessible only through my web app running on client browser, it is a react app, I’ve directly used image urls in the code, have also configured CORS for my domain, but the issue is that if I mark the asset permissions as private, it gives a 403 for get request, on the other hand if I make it public, it is accessible on other domains as well, which I don’t want. So my question is that how can I achieve what I want, basically what CORS should do, or am I missing something.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Hey there!
Just to clarify, private and public permissions on DigitalOcean Spaces aren’t directly related to CORS.
Public/Private: This controls whether anyone can access the file directly. Public means anyone can access it without authentication, while private means you need special permissions.
CORS: This is about allowing your React app (on a different domain) to make requests to the Space. It doesn’t manage the file’s privacy but controls which domains can interact with the resource via the browser.
For private Spaces, the key is to use signed URLs. Here’s how it works:
This way, the files aren’t publicly accessible, and CORS controls access from your frontend only.
For more information about CORS you can check out the docs here:
https://docs.digitalocean.com/products/spaces/how-to/configure-cors/
And for more information on permissions you can check out the post here:
https://docs.digitalocean.com/products/spaces/how-to/set-file-permissions/
Let me know if you have any questions!
- Bobby
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Full documentation for every DigitalOcean product.
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.