AWS News Blog

Amazon S3 – Cross Origin Resource Sharing Support


In order to keep your content safe, your web browser implements something called the same origin policy.

The default policy ensures that scripts and other active content loaded from one site or domain cannot interfere or interact with content from another location without an explicit indication that this is the desired behavior.

In certain cases, the developer of the original page might have legitimate reasons to write code that interacts with content or services at other locations. CORS provides the mechanism to allow the developer to tell the browser to allow this interaction.

Good News
Here’s the good news in a nutshell: Amazon S3 now supports Cross Origin Resource Sharing (aka CORS). The CORS specification gives you the ability to build web applications that make requests to domains other than the one which supplied the primary content.

You can use CORS support to build web applications that use JavaScript and HTML5 to interact directly with resources in Amazon S3 without the need for a proxy server.  You can implement HTML5 drag and drop uploads to Amazon S3, show upload progress, or update content directly from your web applications. External web pages, style sheets, and HTML5 applications hosted in different domains can now reference assets such as web fonts and images stored in an S3 bucket, enabling you to share these assets across multiple web sites.

Read the new CORS documentation to learn more.


You can configure any of your S3 buckets for cross-domain access through the AWS Management Console or the S3 API. You do this by adding one or more CORS rules to your bucket. Each rule can specify a domain that should have access to your bucket (e.g. and a set of HTTP verbs you wish to allow (e.g. PUT). Here is a quick tour of the relevant parts of the console. There is a new Add CORS Configuration option in the property page for each bucket:

Clicking that option will display the CORS Configuration Editor:

We have included a number of sample CORS configurations in the S3 documentation.

I know that many of you have been asking for this feature for quite some time. Let me know how it works out for you!



Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.