Setting Access-Control-Allow-Origin in my space doesn't work with *

Posted on August 7, 2019

I’ve set my headers in my space to be Access-Control-Allow-Origin:* with all permissions set. Every time I load in an image from the space onto my localhost, every request to that image doesn’t work. Here’s an image you can try it on: https://go-edit.sfo2.digitaloceanspaces.com/1/1565117740336-dog.g-1q0nvMe.jpeg

What gives? I keep getting an error that I feel I shouldn’t be receiving after setting it.

Thanks in advance!

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

James

September 26, 2021

Worth noting that if you have CDN enabled, it looks as though you might have to clear the cache for CORS changes to take affect.

Dikshith Shetty

August 13, 2019

Hey! Thanks for providing the screenshot!

The CORS settings for your Spaces is working and here is the curl output:

curl -v -X OPTIONS  'https://go-edit.sfo2.digitaloceanspaces.com/1/1565117740336-dog.g-1q0nvMe.jpeg' -H "Origin:https://localhost" -H "Access-Control-Request-Method: GET,PUT,POST,HEAD,DELETE"
*   Trying 138.68.32.225...
* TCP_NODELAY set
* Connected to go-edit.sfo2.digitaloceanspaces.com (138.68.32.225) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.sfo2.digitaloceanspaces.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> OPTIONS /1/1565117740336-dog.g-1q0nvMe.jpeg HTTP/1.1
> Host: go-edit.sfo2.digitaloceanspaces.com
> User-Agent: curl/7.54.0
> Accept: */*
> Origin:https://localhost
> Access-Control-Request-Method: GET,PUT,POST,HEAD,DELETE
> 
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: https://localhost
< Vary: Origin
< Access-Control-Allow-Methods: GET,PUT,POST,HEAD,DELETE
< Access-Control-Max-Age: 0
< x-amz-request-id: tx000000000000112633397-005d52a396-23e283-sfo2a
< Content-Length: 0
< Date: Tue, 13 Aug 2019 11:48:38 GMT
< Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
< 
* Connection #0 to host go-edit.sfo2.digitaloceanspaces.com left intact

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

View all products

Get started for free

Get started

*This promotional offer applies to new accounts only.