Thanks for flagging this issue for us. It looks like the input validation in our control panel is a bit too strict here. As a work-around until this experience is improved, you can create CORs configurations for Spaces using the API for origins without a TLD. For example, using s3cmd you can run:

s3cmd setcors cors.xml s3://example-space

Where the contents of the cors.xml file contains your CORs configurations in XML format. For example:

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>http://localhost:3000</AllowedOrigin>

   <AllowedMethod>PUT</AllowedMethod>
   <AllowedMethod>POST</AllowedMethod>
   <AllowedMethod>DELETE</AllowedMethod>

   <AllowedHeader>*</AllowedHeader>
 </CORSRule>
</CORSConfiguration>

There are no pre-built s3cmd binaries for Windows.

So the depth of things we need to do to set CORS for Spaces for local development:

• Cant set CORS because of rules too strict, must use s3cmd:
• Must get s3cmd. Cannot get s3cmd because no windows binaries.
• Must build s3cmd from source. Cannot build s3cmd from source because it requires Python 2.x.
• Must download Python 2.x in system. Must vet python for development. If your stack does not include Python. Must learn python.

=|

With me Localhost works only after set a certified on php.ini.

https://curl.haxx.se/ca/cacert.pem

curl.cainfo = "pathtocert\cacert.pem"

I hope help you guys!