CORS Settings
This section explains the CORS Settings on the Service Portal AI. CORS stands for Cross-Origin Resource Sharing, which allows web applications to access resources from a different domain than their original domain. CORS is an HTTP-based security mechanism that enables servers to control data requests coming from different domains. By default, browsers restrict cross-domain access for security reasons. CORS provides a secure and controlled way to allow exceptions to these restrictions. By using CORS, you can define whether a browser is allowed to permit a web page from one origin (domain, protocol, and port) to access resources from another origin. By using CORS, you can define whether a browser is allowed to permit a web page from one origin (domain, protocol, and port) to access resources from another origin.
Here is an example to help you better understand how CORS works:
Suppose you have a website at https://www.technicalwriters.id/, and you store static files such as images, videos, or PDFs in the Deka Box Service Portal AI at the following link https://putri.basic.box.cloudeka.id/demo-deka-box/logo.png. When the browser tries to access this file from the Cloudeka domain, it automatically blocks the request because the bucket denies access for security reasons. Therefore, you need to configure CORS settings on your bucket to allow cross-domain access from your website.
In the CORS Configuration on Service Portal AI, you can Add CORS Configuration and Delete CORS Configuration.
Add CORS Configuration
To add CORS configuration to Deka Box via the Service Portal AI. On the Overview Tab in Deka Box Details page click the CORS Settings button.
The Cors Configuration page appears, click the Add button.
The Advanced CORS Options window appears, fill in the available columns. After filling in all the available columns, press the Save Option button.
Bucket Name
The name used to identify the bucket.
Origin
The request CORS uses in the scheme (http or https), domain, and port from which the request is sent.
Allow Methods
List of methods that are allowed to be used in CORS requests to the bucket:
GET is used to retrieve or read data from the bucket. It is the most commonly used method for static files on websites and must be selected if you require read access,
PUT is used to upload files or overwrite objects in the bucket. This is typically used by web applications that allow users to upload files to the bucket.
DELETE is used to delete files via API,
POST is used to upload files through multipart forms,
HEAD is used to request a file’s metadata without downloading the actual content.
Allow Header
List of HTTP headers that are allowed to be used in CORS requests
In the Origin section, you can enter a valid website address. In this guide, we use https://technicalwriters.id.
In the Allowed Methods section, since the website only displays images, it is sufficient to check the GET option.
In the Allowed Headers section, you may leave it blank if no special headers are needed. However, for flexibility and safety, you can use a wildcard symbol *. The wildcard * means all types of headers are allowed (such as Authorization, Content-Type, etc.).
Once you have added the CORS configuration, click the Apply Changes button to save the settings.
Wait until the process is complete and the notification "Successfully updated CORS rules" appears.
Delete CORS Configuration
To delete the CORS configuration on a Deka Box that is no longer in use via the Service Portal AI. On the Overview Tab in Deka Box Details page click the CORS Settings button.
In the CORS Configuration list, click the Delete button on the CORS configuration that you want to delete.
Last updated