![Using CORS in private buckets]({"bg": "//theme.zdassets.com/theme_assets/34506/e106cc8a79a6a41c781c71d999cffaa33b481de7.jpg"})
![Using CORS in private buckets]({"bg": "//theme.zdassets.com/theme_assets/34506/d38d9cc5a4fcb160800cb7a8f0e0cb60aaa36d2e.jpg"})
Using CORS in private buckets
Because browsers are specifically mandated to strip user-headers from CORS requests, it is not possible to use the AUTHORIZATION header in download requests from private buckets when those requests come from a browser.
Use the alternative authentication method of appending the authentication string to the download URL. For example, to download the file helloworld.html from a public bucket publichello the url might be:
https://f000.backblaze2.com/files/publichello/helloworld.html
To download a similar file from a bucket privatehello might be:
https://f000.backblaze2.com/files/privatehello/helloworld.html?
Please note: Although web standards are to ignore case in the headers, URLS are case sensitive. Authorization must have the first letter capitalized, and the remainder in lower case.
Articles in this section
- Object Lock FAQs
- Delivering Backblaze B2 Content Through Cloudflare CDN
- Bunny Integration Quick Start Guide
- Guide for using Fastly Compute @ Edge with Backblaze B2
- SSE Command Line and API Examples
- Does the B2 S3 Compatible API support Pre-Signed URLs?
- How to use Fastly CDN with B2
- Using the AWS SDK for Java (v2) with B2
- How to use the AWS SDK for Python with B2.
- Using the AWS SDK for PHP with Backblaze B2 Cloud Storage