DigitalOcean

Report this

What is the reason for this report?
Question

Problem to configure Digital Ocean Spaces with CORS

Posted on February 8, 2019
Object Storage
System Tools
API
CasparGoeke

By CasparGoeke

Hi everyone,

I would like to send a PUT request to our Digital Ocean Spaces Bucket using as outlined int the docs: see the API docs

Using Postman I can upload an object to the Spaces bucket (authorization headers seem to be calculated correctly). However when I try it with the browser /client I get the following CORS error

Failed to load resource: the server responded with a status of 403 (Forbidden) [https://bucketname.sgp1.digitaloceanspaces.com/Nx43jBxWbBSQcCYHfKOARe2Buml2/recordings/6b4eea96-0fbc-469a-91c6-8bea5eb3a18d/testUpload.txt]
Access to XMLHttpRequest at 'https://bucketname.sgp1.digitaloceanspaces.com/Nx43jBxWbBSQcCYHfKOARe2Buml2/recordings/6b4eea96-0fbc-469a-91c6-8bea5eb3a18d/testUpload.txt' from origin 'https://hostname.local' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. [https://hostname.local/settings]
Network Error

I changed bucket and hostname for obvious reasons.

Of course I tried to setup the CORS configuration in both the client as well as in DO spaces itself but I did not succeed after many hours. In DO spaces the Origin is set to * (wildcard) and I included / allowed all headers which are present in the clients request. Access Control Max Age is still set to zero as I don’t fully understand it, however changing it also did not alter anything.

Please also note that I am using NginX and Docker, so the client application running inside a docker container which is gated through the NginX server.

Most surprising to me is the fact that the error message says that the RESPONSE HEADER did not include the ‘Access-Control-Allow-Origin’ field, which means (in my understanding) that the DO spaces server did not respond correctly?!? So a side question is here: is there any way to change the response header form the DO spaces server?

I am very thankful for any help or suggestions.

Best, Caspar



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
winddude
winddude
September 25, 2019

This comment has been deleted

0
Bobby
Bobby
June 28, 2023

Hi there,

The error message you’re seeing usually indicates that the Spaces did not include the ‘Access-Control-Allow-Origin’ header in its response, which is required for the browser to allow the cross-origin request.

In DigitalOcean Spaces, you can set up CORS rules to allow cross-origin requests from specific origins. You have mentioned that you’ve already set this up, but here is how you should do it for the sake of completeness:

  1. Go to your Spaces settings on DigitalOcean.
  2. Click on the “CORS Configuration” button.
  3. Add a new rule.
    • For the “Allowed Origins”, if you want to allow all origins, enter *. If you want to allow specific origins, enter the origins separated by commas.
    • For “Allowed Methods”, select “GET”, “PUT”, “POST”, and “DELETE”.
    • For “Allowed Headers”, enter *.
    • Make sure to check “Allow Credentials”.
    • For “Max Age (seconds)”, you can leave it as the default value.
  4. Click “Save”.

If you’ve set this up correctly and are still seeing the error, there are a couple of other things to check:

  • Make sure that the request from your client application is using the correct method (GET, POST, PUT, etc.) and includes the correct headers that are allowed in your CORS rule.
  • Try clearing your browser cache. Browsers often cache CORS preflight responses, and this can sometimes cause issues if the CORS rules have changed.
  • Make sure that your client application is sending the request to the correct URL (this should be the URL of your DigitalOcean Space).

Best,

Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.