Enabling cross-origin resource sharing (CORS)

We recommend enabling CORS (Cross-Origin Resource Sharing) when using Amazon S3 as your backend server. To enable CORS, set up a custom HTTP header for your service by following the steps below.

  1. Log in to the Fastly application.
  2. Click the configure tab (the wrench icon).

    Select the configure tab.

  3. Select the appropriate service from the Service menu.

  4. Click the blue Configure button.

  5. Click the Content pane. The Content controls appear.

    the Content pane

  6. In the Headers area, click the New button to create a new header. The New Header window appears.

    a Custom CORs header

  7. Fill out the New Header fields as follows:

    • In the Name field, type a descriptive name for the new header (e.g., CORS S3 Allow).
    • From the Type/Action menus, select Cache and Set.
    • In the Destination field, type http.Access-Control-Allow-Origin.
    • In the Source field, type "*".
    • Leave the Ignore If Set menu and the Priority field set to their default values.
  8. Click Create. The new header appears in the Headers area.

Test it out

Running the command curl -I your-hostname.com/path/to/resource should include similar information to the following in your header:

Access-Control-Allow-Origin: http://your-hostname.tld
Access-Control-Allow-Methods: GET
Access-Control-Expose-Headers: Content-Length, Connection, Date...
Back to Top