Configure CORS for a bucket

Add a CORS configuration to a Cloud Storage bucket.

Explore further

For detailed documentation that includes this code sample, see the following:

Set up and view CORS configurations

Code sample

C++

For more information, see the Cloud Storage C++ API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  namespace 
  
 gcs 
  
 = 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 storage 
 ; 
 using 
  
 :: 
 google 
 :: 
 cloud 
 :: 
 StatusOr 
 ; 
 []( 
 gcs 
 :: 
 Client 
  
 client 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 bucket_name 
 , 
  
 std 
 :: 
 string 
  
 const 
&  
 origin 
 ) 
  
 { 
  
 StatusOr<gcs 
 :: 
 BucketMetadata 
>  
 original 
  
 = 
  
 client 
 . 
 GetBucketMetadata 
 ( 
 bucket_name 
 ); 
  
 if 
  
 ( 
 ! 
 original 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 original 
 ). 
 status 
 (); 
  
 std 
 :: 
 vector<gcs 
 :: 
 CorsEntry 
>  
 cors_configuration 
 ; 
  
 cors_configuration 
 . 
 emplace_back 
 ( 
  
 gcs 
 :: 
 CorsEntry 
 { 
 3600 
 , 
  
 { 
 "GET" 
 }, 
  
 { 
 origin 
 }, 
  
 { 
 "Content-Type" 
 }}); 
  
 StatusOr<gcs 
 :: 
 BucketMetadata 
>  
 patched 
  
 = 
  
 client 
 . 
 PatchBucket 
 ( 
  
 bucket_name 
 , 
  
 gcs 
 :: 
 BucketMetadataPatchBuilder 
 (). 
 SetCors 
 ( 
 cors_configuration 
 ), 
  
 gcs 
 :: 
 IfMetagenerationMatch 
 ( 
 original 
 - 
> metageneration 
 ())); 
  
 if 
  
 ( 
 ! 
 patched 
 ) 
  
 throw 
  
 std 
 :: 
 move 
 ( 
 patched 
 ). 
 status 
 (); 
  
 if 
  
 ( 
 patched 
 - 
> cors 
 (). 
 empty 
 ()) 
  
 { 
  
 std 
 :: 
 cout 
 << 
 "Cors configuration is not set for bucket " 
 << 
 patched 
 - 
> name 
 () 
 << 
 " 
 \n 
 " 
 ; 
  
 return 
 ; 
  
 } 
  
 std 
 :: 
 cout 
 << 
 "Cors configuration successfully set for bucket " 
 << 
 patched 
 - 
> name 
 () 
 << 
 " 
 \n 
 New cors configuration: " 
 ; 
  
 for 
  
 ( 
 auto 
  
 const 
&  
 cors_entry 
  
 : 
  
 patched 
 - 
> cors 
 ()) 
  
 { 
  
 std 
 :: 
 cout 
 << 
 " 
 \n 
 " 
 << 
 cors_entry 
 << 
 " 
 \n 
 " 
 ; 
  
 } 
 }

C#

For more information, see the Cloud Storage C# API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  using 
  
 Google.Apis.Storage.v1.Data 
 ; 
 using 
  
  Google.Cloud.Storage.V1 
 
 ; 
 using 
  
 System 
 ; 
 using 
  
 System.Collections.Generic 
 ; 
 using 
  
 static 
  
 Google 
 . 
 Apis 
 . 
 Storage 
 . 
 v1 
 . 
 Data 
 . 
 Bucket 
 ; 
 public 
  
 class 
  
 BucketAddCorsConfigurationSample 
 { 
  
 public 
  
 Bucket 
  
 BucketAddCorsConfiguration 
 ( 
 string 
  
 bucketName 
  
 = 
  
 "your-bucket-name" 
 ) 
  
 { 
  
 var 
  
 storage 
  
 = 
  
  StorageClient 
 
 . 
  Create 
 
 (); 
  
 var 
  
 bucket 
  
 = 
  
 storage 
 . 
 GetBucket 
 ( 
 bucketName 
 ); 
  
 CorsData 
  
 corsData 
  
 = 
  
 new 
  
 CorsData 
  
 { 
  
 Origin 
  
 = 
  
 new 
  
 string 
 [] 
  
 { 
  
 "*" 
  
 }, 
  
 ResponseHeader 
  
 = 
  
 new 
  
 string 
 [] 
  
 { 
  
 "Content-Type" 
 , 
  
 "x-goog-resumable" 
  
 }, 
  
 Method 
  
 = 
  
 new 
  
 string 
 [] 
  
 { 
  
 "PUT" 
 , 
  
 "POST" 
  
 }, 
  
 MaxAgeSeconds 
  
 = 
  
 3600 
  
 //One Hour 
  
 }; 
  
 if 
  
 ( 
 bucket 
 . 
 Cors 
  
 == 
  
 null 
 ) 
  
 { 
  
 bucket 
 . 
 Cors 
  
 = 
  
 new 
  
 List<CorsData> 
 (); 
  
 } 
  
 bucket 
 . 
 Cors 
 . 
 Add 
 ( 
 corsData 
 ); 
  
 bucket 
  
 = 
  
 storage 
 . 
 UpdateBucket 
 ( 
 bucket 
 ); 
  
 Console 
 . 
 WriteLine 
 ( 
 $"bucketName {bucketName} was updated with a CORS config to allow {string.Join(" 
 , 
 ", corsData.Method)} requests from" 
  
 + 
  
 $" {string.Join(" 
 , 
 ", corsData. Origin 
)} sharing {string.Join(" 
 , 
 ", corsData.ResponseHeader)} responseHeader" 
  
 + 
  
 $" responses across origins." 
 ); 
  
 return 
  
 bucket 
 ; 
  
 } 
 }

Go

For more information, see the Cloud Storage Go API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  import 
  
 ( 
  
 "context" 
  
 "fmt" 
  
 "io" 
  
 "time" 
  
 "cloud.google.com/go/storage" 
 ) 
 // setBucketCORSConfiguration sets a CORS configuration on a bucket. 
 func 
  
 setBucketCORSConfiguration 
 ( 
 w 
  
 io 
 . 
  Writer 
 
 , 
  
 bucketName 
  
 string 
 , 
  
 maxAge 
  
 time 
 . 
 Duration 
 , 
  
 methods 
 , 
  
 origins 
 , 
  
 responseHeaders 
  
 [] 
 string 
 ) 
  
 error 
  
 { 
  
 // bucketName := "bucket-name" 
  
 // maxAge := time.Hour 
  
 // methods := []string{"GET"} 
  
 // origins := []string{"some-origin.com"} 
  
 // responseHeaders := []string{"Content-Type"} 
  
 ctx 
  
 := 
  
 context 
 . 
 Background 
 () 
  
 client 
 , 
  
 err 
  
 := 
  
 storage 
 . 
 NewClient 
 ( 
 ctx 
 ) 
  
 if 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "storage.NewClient: %w" 
 , 
  
 err 
 ) 
  
 } 
  
 defer 
  
 client 
 . 
 Close 
 () 
  
 ctx 
 , 
  
 cancel 
  
 := 
  
 context 
 . 
 WithTimeout 
 ( 
 ctx 
 , 
  
 time 
 . 
 Second 
 * 
 10 
 ) 
  
 defer 
  
 cancel 
 () 
  
 bucket 
  
 := 
  
 client 
 . 
  Bucket 
 
 ( 
 bucketName 
 ) 
  
 bucketAttrsToUpdate 
  
 := 
  
 storage 
 . 
  BucketAttrsToUpdate 
 
 { 
  
 CORS 
 : 
  
 [] 
 storage 
 . 
  CORS 
 
 { 
  
 { 
  
 MaxAge 
 : 
  
 maxAge 
 , 
  
 Methods 
 : 
  
 methods 
 , 
  
 Origins 
 : 
  
 origins 
 , 
  
 ResponseHeaders 
 : 
  
 responseHeaders 
 , 
  
 }}, 
  
 } 
  
 if 
  
 _ 
 , 
  
 err 
  
 := 
  
 bucket 
 . 
 Update 
 ( 
 ctx 
 , 
  
 bucketAttrsToUpdate 
 ); 
  
 err 
  
 != 
  
 nil 
  
 { 
  
 return 
  
 fmt 
 . 
 Errorf 
 ( 
 "Bucket(%q).Update: %w" 
 , 
  
 bucketName 
 , 
  
 err 
 ) 
  
 } 
  
 fmt 
 . 
 Fprintf 
 ( 
 w 
 , 
  
 "Bucket %v was updated with a CORS config to allow %v requests from %v sharing %v responses across origins\n" 
 , 
  
 bucketName 
 , 
  
 methods 
 , 
  
 origins 
 , 
  
 responseHeaders 
 ) 
  
 return 
  
 nil 
 }

Java

For more information, see the Cloud Storage Java API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  import 
  
 com.google.cloud.storage. Bucket 
 
 ; 
 import 
  
 com.google.cloud.storage. Cors 
 
 ; 
 import 
  
 com.google.cloud.storage. HttpMethod 
 
 ; 
 import 
  
 com.google.cloud.storage. Storage 
 
 ; 
 import 
  
 com.google.cloud.storage. StorageOptions 
 
 ; 
 import 
  
 com.google.common.collect.ImmutableList 
 ; 
 public 
  
 class 
 ConfigureBucketCors 
  
 { 
  
 public 
  
 static 
  
 void 
  
 configureBucketCors 
 ( 
  
 String 
  
 projectId 
 , 
  
 String 
  
 bucketName 
 , 
  
 String 
  
 origin 
 , 
  
 String 
  
 responseHeader 
 , 
  
 Integer 
  
 maxAgeSeconds 
 ) 
  
 { 
  
 // The ID of your GCP project 
  
 // String projectId = "your-project-id"; 
  
 // The ID of your GCS bucket 
  
 // String bucketName = "your-unique-bucket-name"; 
  
 // The origin for this CORS config to allow requests from 
  
 // String origin = "http://example.appspot.com"; 
  
 // The response header to share across origins 
  
 // String responseHeader = "Content-Type"; 
  
 // The maximum amount of time the browser can make requests before it must repeat preflighted 
  
 // requests 
  
 // Integer maxAgeSeconds = 3600; 
  
  Storage 
 
  
 storage 
  
 = 
  
  StorageOptions 
 
 . 
 newBuilder 
 (). 
 setProjectId 
 ( 
 projectId 
 ). 
 build 
 (). 
  getService 
 
 (); 
  
  Bucket 
 
  
 bucket 
  
 = 
  
 storage 
 . 
  get 
 
 ( 
 bucketName 
 ); 
  
 // See the HttpMethod documentation for other HTTP methods available: 
  
 // https://cloud.google.com/appengine/docs/standard/java/javadoc/com/google/appengine/api/urlfetch/HTTPMethod 
  
  HttpMethod 
 
  
 method 
  
 = 
  
  HttpMethod 
 
 . 
 GET 
 ; 
  
  Cors 
 
  
 cors 
  
 = 
  
  Cors 
 
 . 
 newBuilder 
 () 
  
 . 
  setOrigins 
 
 ( 
 ImmutableList 
 . 
 of 
 ( 
  Cors 
 
 . 
 Origin 
 . 
 of 
 ( 
 origin 
 ))) 
  
 . 
  setMethods 
 
 ( 
 ImmutableList 
 . 
 of 
 ( 
 method 
 )) 
  
 . 
  setResponseHeaders 
 
 ( 
 ImmutableList 
 . 
 of 
 ( 
 responseHeader 
 )) 
  
 . 
  setMaxAgeSeconds 
 
 ( 
 maxAgeSeconds 
 ) 
  
 . 
 build 
 (); 
  
 bucket 
 . 
  toBuilder 
 
 (). 
 setCors 
 ( 
 ImmutableList 
 . 
 of 
 ( 
 cors 
 )). 
 build 
 (). 
 update 
 (); 
  
 System 
 . 
 out 
 . 
 println 
 ( 
  
 "Bucket " 
  
 + 
  
 bucketName 
  
 + 
  
 " was updated with a CORS config to allow GET requests from " 
  
 + 
  
 origin 
  
 + 
  
 " sharing " 
  
 + 
  
 responseHeader 
  
 + 
  
 " responses across origins" 
 ); 
  
 } 
 }

Node.js

For more information, see the Cloud Storage Node.js API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  // Imports the Google Cloud client library 
 const 
  
 { 
 Storage 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/storage 
' 
 ); 
 // Creates a client 
 const 
  
 storage 
  
 = 
  
 new 
  
 Storage 
 (); 
 /** 
 * TODO(developer): Uncomment the following lines before running the sample. 
 */ 
 // The ID of your GCS bucket 
 // const bucketName = 'your-unique-bucket-name'; 
 // The origin for this CORS config to allow requests from 
 // const origin = 'http://example.appspot.com'; 
 // The response header to share across origins 
 // const responseHeader = 'Content-Type'; 
 // The maximum amount of time the browser can make requests before it must 
 // repeat preflighted requests 
 // const maxAgeSeconds = 3600; 
 // The name of the method 
 // See the HttpMethod documentation for other HTTP methods available: 
 // https://cloud.google.com/appengine/docs/standard/java/javadoc/com/google/appengine/api/urlfetch/HTTPMethod 
 // const method = 'GET'; 
 async 
  
 function 
  
 configureBucketCors 
 () 
  
 { 
  
 await 
  
 storage 
 . 
 bucket 
 ( 
 bucketName 
 ). 
  setCorsConfiguration 
 
 ([ 
  
 { 
  
 maxAgeSeconds 
 , 
  
 method 
 : 
  
 [ 
 method 
 ], 
  
 origin 
 : 
  
 [ 
 origin 
 ], 
  
 responseHeader 
 : 
  
 [ 
 responseHeader 
 ], 
  
 }, 
  
 ]); 
  
 console 
 . 
 log 
 ( 
 `Bucket 
 ${ 
 bucketName 
 } 
 was updated with a CORS config 
 to allow 
 ${ 
 method 
 } 
 requests from 
 ${ 
 origin 
 } 
 sharing 
  
 ${ 
 responseHeader 
 } 
 responses across origins` 
 ); 
 } 
 configureBucketCors 
 (). 
 catch 
 ( 
 console 
 . 
 error 
 );

PHP

For more information, see the Cloud Storage PHP API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  use Google\Cloud\Storage\StorageClient; 
 /** 
 * Update the CORS configuration of a bucket. 
 * 
 * @param string $bucketName The name of your Cloud Storage bucket. 
 *        (e.g. 'my-bucket') 
 * @param string $method The HTTP method for the CORS config. (e.g. 'GET') 
 * @param string $origin The origin from which the CORS config will allow requests. 
 *        (e.g. 'http://example.appspot.com') 
 * @param string $responseHeader The response header to share across origins. 
 *        (e.g. 'Content-Type') 
 * @param int $maxAgeSeconds The maximum amount of time the browser can make 
 *        (e.g. 3600) 
 *     requests before it must repeat preflighted requests. 
 */ 
 function cors_configuration(string $bucketName, string $method, string $origin, string $responseHeader, int $maxAgeSeconds): void 
 { 
 $storage = new StorageClient(); 
 $bucket = $storage->bucket($bucketName); 
 $bucket->update([ 
 'cors' => [ 
 [ 
 'method' => [$method], 
 'origin' => [$origin], 
 'responseHeader' => [$responseHeader], 
 'maxAgeSeconds' => $maxAgeSeconds, 
 ] 
 ] 
 ]); 
 printf( 
 'Bucket %s was updated with a CORS config to allow GET requests from ' . 
 '%s sharing %s responses across origins.', 
 $bucketName, 
 $origin, 
 $responseHeader 
 ); 
 }

Python

For more information, see the Cloud Storage Python API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  from 
  
 google.cloud 
  
 import 
  storage 
 
 def 
  
 cors_configuration 
 ( 
 bucket_name 
 ): 
  
 """Set a bucket's CORS policies configuration.""" 
 # bucket_name = "your-bucket-name" 
 storage_client 
 = 
  storage 
 
 . 
  Client 
 
 () 
 bucket 
 = 
 storage_client 
 . 
  get_bucket 
 
 ( 
 bucket_name 
 ) 
 bucket 
 . 
  cors 
 
 = 
 [ 
 { 
 "origin" 
 : 
 [ 
 "*" 
 ], 
 "responseHeader" 
 : 
 [ 
 "Content-Type" 
 , 
 "x-goog-resumable" 
 ], 
 "method" 
 : 
 [ 
 'PUT' 
 , 
 'POST' 
 ], 
 "maxAgeSeconds" 
 : 
 3600 
 } 
 ] 
 bucket 
 . 
 patch 
 () 
 print 
 ( 
 f 
 "Set CORS policies for bucket 
 { 
 bucket 
 . 
 name 
 } 
 is 
 { 
 bucket 
 . 
  cors 
 
 } 
 " 
 ) 
 return 
 bucket

Ruby

For more information, see the Cloud Storage Ruby API reference documentation .

To authenticate to Cloud Storage, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  def 
  
 cors_configuration 
  
 bucket_name 
 : 
  
 # The ID of your GCS bucket 
  
 # bucket_name = "your-unique-bucket-name" 
  
 require 
  
 "google/cloud/storage" 
  
 storage 
  
 = 
  
 Google 
 :: 
 Cloud 
 :: 
  Storage 
 
 . 
  new 
 
  
 bucket 
  
 = 
  
 storage 
 . 
 bucket 
  
 bucket_name 
  
 bucket 
 . 
 cors 
  
 do 
  
 | 
 c 
 | 
  
 c 
 . 
  add_rule 
 
  
 [ 
 "*" 
 ] 
 , 
  
 [ 
 "PUT" 
 , 
  
 "POST" 
 ] 
 , 
  
 headers 
 : 
  
 [ 
  
 "Content-Type" 
 , 
  
 "x-goog-resumable" 
  
 ] 
 , 
  
 max_age 
 : 
  
 3600 
  
 end 
  
 puts 
  
 "Set CORS policies for bucket 
 #{ 
 bucket_name 
 } 
 " 
 end

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .

Configure CORS for a bucket Stay organized with collections Save and categorize content based on your preferences.

Explore further

Code sample

C++

C#

Go

Java

Node.js

PHP

Python

Ruby

What's next

Configure CORS for a bucket