> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create S3 bucket CORS > Configures Cross-Origin Resource Sharing (CORS) rules for an S3 bucket, allowing web applications from specified domains to access bucket resources directly from browsers. Deprecated: Use PATCH /v4/`object_storages`/{`storage_id`}/buckets/{`bucket_name`} with {"cors": {"allowed_origins": [...]}} instead. ## OpenAPI ````yaml /api-reference/services_documented/object_storage_api.yaml post /storage/provisioning/v1/storage/{storage_id}/s3/bucket/{bucket_name}/cors openapi: 3.1.0 info: title: Gcore OpenAPI – Object Storage API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-15T06:37:28.230198+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: Notifications x-displayName: Notifications - name: SSHKeys x-displayName: SSHKeys - name: Storage Locations x-displayName: Storage Locations - name: Storage x-displayName: Storage - name: Storage Statistics x-displayName: Storage Statistics - name: S3-Compatible Storage x-displayName: S3-Compatible Storage - name: SFTP Storage x-displayName: SFTP Storage paths: /storage/provisioning/v1/storage/{storage_id}/s3/bucket/{bucket_name}/cors: post: tags: - Storage summary: Create S3 bucket CORS description: >- Configures Cross-Origin Resource Sharing (CORS) rules for an S3 bucket, allowing web applications from specified domains to access bucket resources directly from browsers. Deprecated: Use PATCH /v4/`object_storages`/{`storage_id`}/buckets/{`bucket_name`} with {"cors": {"allowed_origins": [...]}} instead. operationId: storageBucketCORSCreateHttp parameters: - name: storage_id in: path description: Unique identifier for the storage instance required: true schema: type: integer format: int64 - name: bucket_name in: path description: Name of the S3 bucket to configure CORS for required: true schema: type: string requestBody: description: CORS configuration for the bucket content: application/json: schema: type: object properties: allowedOrigins: type: array description: List of allowed origins for CORS requests example: - https://example.com - https://app.example.com - '*' items: type: string required: true responses: '204': description: >- A SuccessResponse is a response that shows that operations was completed successfully content: {} '400': description: ErrResponse content: application/json: schema: $ref: '#/components/schemas/ErrResponse' deprecated: true components: schemas: ErrResponse: type: object properties: error: type: string description: ErrResponse is an error response securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````