Document CORS policy

2024-09-19 08:52:59 +00:00 · 2017-01-15 13:57:41 +01:00 · 2017-01-15 13:57:41 +01:00 · fb8c932654
commit fb8c932654
parent e6a6c4c300
3 changed files with 17 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -10,7 +10,7 @@ PaS(t)3 is a S3 file editor with Google authentication using Amazon Cognito. It
  1. Add an oAuth consent screen for your application (API Manager -> Credentials)
  1. Create credentials for a "Web application", add your URL as an "Authorized JavaScript origin"
  1. Put Client Id into the `config.yml`
-1. Create a S3 bucket
+1. Create a S3 bucket and add the CORS policy
 1. Create an Amazon Cognito Federated Identity Pool
  1. Add the policy documented in `cognito_auth_policy.json` as "Authenticated Role"
  1. Set the Google Client ID in the Google+ tab in "Authentication providers"
--- a/config.yml
+++ b/config.yml
@ -8,7 +8,7 @@ acl: public-read
 # Base URL for the uploaded files, either S3 download URL or CloudFront
 # distribution URL to which the file path is appended for display in the
 # interface
-base_url: https://s3-eu-west-1.amazonaws.com/past3/
+base_url: https://paste.luzifer.io/

 # Theme name (lowercase) of Bootswatch.com theme (Optional, when not
 # specified the original bootstrap theme is used)
--- a/cors.xml
+++ b/cors.xml
@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+    <CORSRule>
+        <AllowedOrigin>https://paste.luzifer.io</AllowedOrigin>
+        <AllowedMethod>HEAD</AllowedMethod>
+        <AllowedMethod>GET</AllowedMethod>
+        <AllowedMethod>PUT</AllowedMethod>
+        <AllowedMethod>POST</AllowedMethod>
+        <AllowedMethod>DELETE</AllowedMethod>
+        <ExposeHeader>ETag</ExposeHeader>
+        <ExposeHeader>x-amz-meta-custom-header</ExposeHeader>
+        <AllowedHeader>*</AllowedHeader>
+    </CORSRule>
+</CORSConfiguration>
+