Digital Ocean Spaces S3: Is it possible to add access-control-allow-origin: * to all requests

amazon s3cloudcorsdigital-ocean

If you curl my image 

curl -i https://local-spaces.fra1.digitaloceanspaces.com/test.jpg

you will see that there is no Access-Control-Allow-Origin header in the response.

If you curl like this, the header is set:

curl -H "Origin: http://example.com/" -i https://local-spaces.fra1.digitaloceanspaces.com/test.jpg

Now I wonder, because all big CDN pages always set the Access-Control-Allow-Origin: *, even when Sec-Fetch-Mode: no-cors.

To test it, do this:

curl -i https://scontent.cdninstagram.com/vp/02a788f9e7f55880601ed240a0e3142a/5E29CBDE/t51.2885-15/sh0.08/e35/s640x640/72271766_155986088835033_6677460235579468035_n.jpg\?_nc_ht\=scontent.cdninstagram.com

or

curl -i https://loremflickr.com/480/640/girl,boy,man,men,woman\?lock\=4446

Best Answer

The support reached out to me:

At the moment, there isn't any way to force this. Without an Origin set, the header will not be served. It is possible to use a proxy service, however that may not be the best fit for most use cases.

Related Topic