I wanted to setup CORS for the image assets hosted on spaces, I want them to be accessible only through my web app running on client browser, it is a react app, I’ve directly used image urls in the code, have also configured CORS for my domain, but the issue is that if I mark the asset permissions as private, it gives a 403 for get request, on the other hand if I make it public, it is accessible on other domains as well, which I don’t want. So my question is that how can I achieve what I want, basically what CORS should do, or am I missing something.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hey there!
Just to clarify, private and public permissions on DigitalOcean Spaces aren’t directly related to CORS.
Public/Private: This controls whether anyone can access the file directly. Public means anyone can access it without authentication, while private means you need special permissions.
CORS: This is about allowing your React app (on a different domain) to make requests to the Space. It doesn’t manage the file’s privacy but controls which domains can interact with the resource via the browser.
For private Spaces, the key is to use signed URLs. Here’s how it works:
This way, the files aren’t publicly accessible, and CORS controls access from your frontend only.
For more information about CORS you can check out the docs here:
And for more information on permissions you can check out the post here:
Let me know if you have any questions!
- Bobby