Cross-origin resource sharing (CORS) allows client web applications to access your S3 resources in a different domain by defining the CORS configuration in the XML document attached to your bucket. It allows cross-origin requests for your client-side application using CORS. For example, imagine that you have your own web server in the EC2 instance and want to use JavaScript on the web pages to access JSON files in an S3 static website. You can configure your bucket to enable cross-origin requests from the web server.

CORS can define rules in the XML configuration document, for example, the methods (GET, PUT, POST, DELETE, and HEAD), the origins (http://xxx, http://*.com), the headers (Authorization, Content-Type, x-amz-xxx, and so on), and the time in seconds to cache the response.

To enable CORS, the following methods are supported: