We've been making changes to how we organize and display our docs. Our work isn't done but we'd love your feedback.
Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Enabling cross-origin resource sharing (CORS)

      Last updated August 16, 2018

    We recommend enabling CORS (Cross-Origin Resource Sharing) when using Amazon S3 as your backend server. To enable CORS, set up a custom HTTP header for your service by following the steps below.

    1. Log in to the Fastly web interface and click the Configure link.
    2. From the service menu, select the appropriate service.
    3. Click the Configuration button and then select Clone active. The Domains page appears.
    4. Click the Content link. The Content page appears.
    5. Click the Create header button. The Create a header page appears.

      a Custom CORs header

    6. Fill out the Create a header fields as follows:
      • In the Name field, type a descriptive name for the new header (e.g., CORS S3 Allow). This name is displayed in the Fastly web interface.
      • From the Type menu, select Cache, and from the Action menu, select Set.
      • In the Destination field, type http.Access-Control-Allow-Origin.
      • In the Source field, type "*".
      • Leave the Ignore if set menu and the Priority field set to their default values.
    7. Click the Create button. The new header appears on the Content page.
    8. Click the Activate button to deploy your configuration changes.

    Test it out

    Running the command curl -I example.tld/path/to/resource should include similar information to the following in your header:

    1
    2
    3
    
    Access-Control-Allow-Origin: http://example.tld
    Access-Control-Allow-Methods: GET
    Access-Control-Expose-Headers: Content-Length, Connection, Date...
    
    Back to Top