Using CORS in private buckets

Nathan Verrilli

October 29, 2018 18:10

Using CORS in private buckets

Because browsers are specifically mandated to strip user-headers from CORS requests, it is not possible to use the AUTHENTICATION header in download requests from private buckets when those requests come from a browser.

Use the alternative authentication method of appending the authentication string to the download URL. For example, to download the file helloworld.html from a public bucket publichello the url might be:

https://f000.backblaze2.com/files/publichello/helloworld.html

To download a similar file from a bucket privatehello might be:

https://f000.backblaze2.com/files/privatehello/helloworld.html?Authentication=3_20181021181348_1654aeb9046d1bcdd60dff3c_06314b74a8fc99f72def5a18c1b3c87ab35f329c_000_20181030221348_0000_dnld

Please note: Although web standards are to ignore case in the headers, URLS are case sensitive. Authentication must have the first letter capitalized, and the remainder in lower case.

Have more questions? Submit a request

2 Comments

Date Votes

1

gregfig November 07, 2018 18:33

This article was confusing until I found in the documentation that it should be

?Authorization=

NOT

?Authentication=

Hopefully I save someone some time looking through this not so organized documentation.

Permalink
0

massimognocchi86 January 16, 2019 15:51

Something like:

https://f002.backblazeb2.com/file/cgmood-test/uploads/01-2019/Ro5Lc98D4a2UntT7ijADII8tX0h3mvQ6hK0tZZGv.zip?Authorization=3_20190116155004_d2e4550b7d90bd17f2d7ac73_19299688d37a566340f233c5216521e88d0e985c_002_20190116155014_0008_dnld&b2ContentDisposition=attachment;filename=b2-124mb-test-cgmood.zip

works, however, I cannot make the 'validDurationInSeconds' option to work. My token does not expire.

Any ideas?

Massimo

Permalink

Please sign in to leave a comment.