DigitalOcean

Report this

What is the reason for this report?
Question

Need help regarding CORS setup with assets hosted on DigitalOcean Spaces

Posted on September 26, 2024
Websites
DigitalOcean
90f16fa23b134d60b1e735ae4b8a06

By 90f16fa23b134d60b1e735ae4b8a06

I wanted to setup CORS for the image assets hosted on spaces, I want them to be accessible only through my web app running on client browser, it is a react app, I’ve directly used image urls in the code, have also configured CORS for my domain, but the issue is that if I mark the asset permissions as private, it gives a 403 for get request, on the other hand if I make it public, it is accessible on other domains as well, which I don’t want. So my question is that how can I achieve what I want, basically what CORS should do, or am I missing something.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby Iliev
Bobby Iliev
September 26, 2024

Accepted Answer

Hey there!

Just to clarify, private and public permissions on DigitalOcean Spaces aren’t directly related to CORS.

  • Public/Private: This controls whether anyone can access the file directly. Public means anyone can access it without authentication, while private means you need special permissions.

  • CORS: This is about allowing your React app (on a different domain) to make requests to the Space. It doesn’t manage the file’s privacy but controls which domains can interact with the resource via the browser.

For private Spaces, the key is to use signed URLs. Here’s how it works:

  1. Your files remain private.
  2. Your backend generates a signed URL, which is a temporary link with a time-limited access token.
  3. Your React app can then request these URLs from your backend, allowing access to the files securely for a set period.
  4. CORS rules still apply, so make sure to configure them to allow your frontend’s domain.

This way, the files aren’t publicly accessible, and CORS controls access from your frontend only.

For more information about CORS you can check out the docs here:

https://docs.digitalocean.com/products/spaces/how-to/configure-cors/

And for more information on permissions you can check out the post here:

https://docs.digitalocean.com/products/spaces/how-to/set-file-permissions/

Let me know if you have any questions!

- Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.