I’m having trouble with setting the correct CORS policy on my bucket on Cloudflare's R2.
What I want to achieve: the bucket may by accessed by via any webpage of any domain, but only with GET method is allowed (so POST/PUT/DELETE are blocked) and from my own domain all methods are allowed.
I’ve tried this but seems not valid:
[
{
"AllowedOrigins": [
"*"
],
"AllowedMethods": [
"GET"
]
}
{
"AllowedOrigins": [
"https://example.com/"
],
"AllowedMethods": [
"GET",
"PUT",
"POST"
]
}
]
Does anyone know how to set the CORS policy correctly?
Each CORS rule should be enclosed within curly braces {}, and there should be a comma , between each rule. Here's the corrected version of your CORS policy:
[
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET"]
},
{
"AllowedOrigins": ["https://example.com"],
"AllowedMethods": ["GET", "PUT", "POST"]
}
]