Configuring the default CORS behavior

Cross-origin resource sharing (CORS) is a protocol that defines how resources from different origins interact. By default, the CORS behavior is configured to allow access from all origins and applies to all buckets with no CORS policy specified.

To check the CORS settings, use the ostor-ctl get-settings command:

# ostor-ctl get-settings
 NS.bkup_hour=-24
 OS.bkup_hour=-24
 OS.max_count=100
 OS.max_size=1000
 cfg.autosplit.enabled=1
 cfg.autosplit.max_active=1
 gen.lj.max_size_mb=2048
 gen.lj.min_size_mb=16
 gen.paxos.cache_size=0
 gen.paxos.lease_tout=5000
 gen.rj.mismatch_abort=1
 gen.rj.obj_type_dump=0
 hostd.automaintenance.enabled=0
 hostd.automaintenance.threshold=10
 ostor.default_cors.enabled=1

For security reasons, you may want to change the default CORS behavior to disable all cross-origin requests unless a CORS policy is specified for a bucket. To do this, use the ostor-ctl put-settings command and specify ostor.default_cors.enabled=0:

# ostor-ctl put-settings ostor.default_cors.enabled=0