An update to the default CORS policy

We are making a change to the default configuration of the cross-origin resource sharing (CORS) policies for DreamObjects. We’ve seen OPTIONS request traffic to your bucket so we wanted to ensure you are aware of the new configuration. These are typically sent if you’re uploading to DreamObjects from your site or are using a common resource, like fonts, stored within DreamObjects on your site.

DreamObjects was originally implemented with only a default CORS policy of the * wildcard, which permitted ANY origin to be used; no per-bucket CORS was originally available. As of October 1, 2015 we began supporting per-bucket CORS policies but left the wildcard policy in effect to prevent any disruption.

Starting February 1, 2016 we are removing the wildcard policy. From that date forward, if you require CORS functionality, you’ll need to configure a CORS policy on your bucket. We have documentation about CORS and instructions on configuring a policy on our wiki at

If you’ve got questions about any of this, or need help setting up a CORS policy of your own, please don’t hesitate to contact our tech support team. They’re standing by and ready to help!

Where do we add this policy? I don’t see a way to do this from the panel.

There isn’t a way to do this from the control panel right now. You’d either have to do this with code, e.g. the python example shown in the wiki, or contact our tech support team to do it for you.

so, you are removing the wildcard, without adding the users domains that are in their accoutn? isnt that kinda like hitting the “break” button? yall really need to hire some developers solely to work on the panel. it hasnt just not gained any features, its lost them!

pyrotuc, not really. We contacted all of the customers who appeared to be using cross-domain requests some time ago; anyone who would have been affected by this change was notified well ahead of time.

Hi, can you please provide a code for ruby to change CORS configuration ?