Configuring CORS (Access-Control-Allow-Origin)

[iamdarkle]

I would like to know how I could apply an Access-Control-Allow-Origin to a certain domain from R2, could it be done with this worker? Currently the content of my bucket is not shown because of this.

[kotx]

There's no built-in way to do this with Render yet, I might add one in the future but I'm still undecided.
However, it should be possible to do this with transform rules:

(you can also set the expression to true)

[iamdarkle]

It would be really great to support headers in render, although in the meantime this sounds really interesting, I have never used the transformation rules, I can't get it to work, if for example this is the URL of the bucket test.example.com, in the URI value I should put that URL and in the Access-Control-Allow-Origin value the URL example.com (which would be the place where I want to allow the bucket content to be shown)?

I have done exactly the same but with test.example.com/* to affect the rest of the objects but it doesn't seem to work.

[kotx]

You can check if the Host is equal to test.example.com or if URI matches the regex https://test.example.com/.*.
The URI and Access-Control-Allow-Origin header must start with the protocol, e.g. https://.

[iamdarkle]

Thank you very much indeed I managed to get it working, you completely saved my day :)

If it's ok with you I'll keep the issue open in case CORS handling is incorporated into Render (?) I think it's worth a look, also Vitali (Cloudflare developer) says it will come at some point but not soon, I thought it would with the public buckets in a couple of weeks, but that won't be the case, so it's a long way off...

[kotx]

I added an ALLOWED_ORIGINS env var (configurable in wrangler.toml) so you can set an access-control-allow-origin value returned for every request.

Yeah, I believe public buckets will be introduced early next month(?) Not sure how useful this repository will be then.