CORS request validation

After CORS rules are configured for an HCP namespace, web applications can request access to the namespace resources by using either the Hitachi API for Amazon S3 or the REST API.

The Amazon S3 and REST gateways perform CORS rules validation on incoming object requests against an HCP bucket. When a CORS compliant HCP server receives a bucket request from a browser, the server evaluates the request headers against the CORS rules configuration for the bucket. The first CORS rule for the bucket that matches the request is the rule that is applied for creating the server response headers.

For security reasons, requests that fail authentication are not validated. In the web browser, these failed authentication requests result in CORS errors.

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.