Enable CORS with the S3-Compatible API
    • Dark

    Enable CORS with the S3-Compatible API

    • Dark

    Article Summary

    There are a few key differences in our implementation of CORS support in the Backblaze B2 Cloud Storage S3-Compatible API that are noted here.

    For all of the Backblaze API operations and their corresponding documentation, see API Documentation.


    • An empty value (ex. <AllowedOrigin></AllowedOrigin>) is rejected and returns status code 400 with the message, “illegal empty string in allowedOrigins.”


    • Duplicate elements of the same method are aggregated on GetBucketCors calls.


    • The S3 Compatible API will accept a range of [0, 86400].

    XML input size

    • The size limit for CORS rules XML input is 100 KB.

    If you plan on using CORS for both the B2 Native API and S3 Compatible API, please see our CORS documentation for expected behavior and differences.

    Was this article helpful?

    What's Next