Using CORS in private buckets

Using CORS in private buckets

Because browsers are specifically mandated to strip user-headers from CORS requests, it is not possible to use the AUTHORIZATION header in download requests from private buckets when those requests come from a browser.

Use the alternative authentication method of appending the authentication string to the download URL. For example, to download the file helloworld.html from a public bucket publichello the url might be:

To download a similar file from a bucket privatehello might be: dnld

Please note: Although web standards are to ignore case in the headers, URLS are case sensitive. Authorization must have the first letter capitalized, and the remainder in lower case.

Have more questions? Submit a request


  • 1

    This article was confusing until I found in the documentation that it should be




    Hopefully I save someone some time looking through this not so organized documentation.

  • 0
Article is closed for comments.
Powered by Zendesk