Question

Need help regarding CORS setup with assets hosted on DigitalOcean Spaces

I wanted to set up CORS for the image assets hosted on Spaces. I want them to be accessible only through my web app running in the client browser. It is a React app; I've used the image URLs directly in the code and have also configured CORS for my domain. The issue is that if I mark the asset permissions as private, it gives a 403 for GET requests; on the other hand, if I make it public, it is accessible on other domains as well, which I don't want. So my question is: how can I achieve what I want, basically what CORS should do, or am I missing something?



Accepted Answer

Hey there!

Just to clarify, private and public permissions on DigitalOcean Spaces aren’t directly related to CORS.

  • Public/Private: This controls whether anyone can access the file directly. Public means anyone can access it without authentication, while private means you need special permissions.

  • CORS: This is about allowing your React app (on a different domain) to make requests to the Space. It doesn’t manage the file’s privacy but controls which domains can interact with the resource via the browser.

For private Spaces, the key is to use signed URLs. Here’s how it works:

  1. Your files remain private.
  2. Your backend generates a signed URL, which is a temporary link with a time-limited access token.
  3. Your React app can then request these URLs from your backend, allowing access to the files securely for a set period.
  4. CORS rules still apply, so make sure to configure them to allow your frontend’s domain.

This way, the files aren’t publicly accessible, and CORS controls access from your frontend only.

For more information about CORS you can check out the docs here:

https://docs.digitalocean.com/products/spaces/how-to/configure-cors/

And for more information on permissions you can check out the post here:

https://docs.digitalocean.com/products/spaces/how-to/set-file-permissions/

Let me know if you have any questions!

- Bobby
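
Step 2 of the answer above (the backend issues a time-limited link), as an added example that is not part of the original answer or DigitalOcean's own code. Spaces is S3-compatible, so the sketch builds an AWS Signature Version 4 presigned GET URL with Node's built-in `crypto`; the function name, the `images/` prefix, the 900-second ceiling and the use of the region slug as the signing region are assumptions.

```javascript
// Added example (not from the original answer): SigV4 presigned GET for a private Space.
const crypto = require("crypto");

const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
const sha256Hex = (data) => crypto.createHash("sha256").update(data).digest("hex");
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

const MAX_EXPIRES = 900;          // assumption: 15 minute ceiling for image links
const ALLOWED_PREFIX = "images/"; // assumption: only this prefix is served to the app

function presignGet({ accessKey, secretKey, region, bucket, key, expires = 300, now = new Date() }) {
  // The backend, not the browser, decides what may be signed and for how long.
  if (!Number.isInteger(expires) || expires < 1 || expires > MAX_EXPIRES)
    throw new RangeError(`expires must be 1..${MAX_EXPIRES} seconds`);
  if (typeof key !== "string" || !key.startsWith(ALLOWED_PREFIX) || key.split("/").includes(".."))
    throw new Error("object key not allowed");

  const host = `${bucket}.${region}.digitaloceanspaces.com`;
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20240101T000000Z
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const path = "/" + key.split("/").map(enc).join("/");

  // Query parameters, listed in the sorted order the canonical request requires.
  const query = [
    ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
    ["X-Amz-Credential", `${accessKey}/${scope}`],
    ["X-Amz-Date", amzDate],
    ["X-Amz-Expires", String(expires)],
    ["X-Amz-SignedHeaders", "host"],
  ].map(([k, v]) => `${k}=${enc(v)}`).join("&");

  const canonicalRequest =
    ["GET", path, query, `host:${host}`, "", "host", "UNSIGNED-PAYLOAD"].join("\n");
  const stringToSign =
    ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");

  // Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  const signingKey = [amzDate.slice(0, 8), region, "s3", "aws4_request"]
    .reduce((k, part) => hmac(k, part), "AWS4" + secretKey);
  const signature = hmac(signingKey, stringToSign).toString("hex");

  return `https://${host}${path}?${query}&X-Amz-Signature=${signature}`;
}
```

The Spaces secret key stays on the backend; the React app only ever receives the resulting URL, and the endpoint that returns it should sit behind the app's own login.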
