> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Get S3 bucket CORS > Retrieves the current Cross-Origin Resource Sharing (CORS) configuration for an S3 bucket, showing which domains are allowed to access the bucket from web browsers. Deprecated: Use GET /v4/`object_storages`/{`storage_id`}/buckets/{`bucket_name`} instead, which returns CORS along with policy and lifecycle configuration. ## OpenAPI ````yaml /api-reference/services_documented/object_storage_api.yaml get /storage/provisioning/v1/storage/{storage_id}/s3/bucket/{bucket_name}/cors openapi: 3.1.0 info: title: Gcore OpenAPI – Object Storage API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-15T06:37:28.230198+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: Notifications x-displayName: Notifications - name: SSHKeys x-displayName: SSHKeys - name: Storage Locations x-displayName: Storage Locations - name: Storage x-displayName: Storage - name: Storage Statistics x-displayName: Storage Statistics - name: S3-Compatible Storage x-displayName: S3-Compatible Storage - name: SFTP Storage x-displayName: SFTP Storage paths: /storage/provisioning/v1/storage/{storage_id}/s3/bucket/{bucket_name}/cors: get: tags: - Storage summary: Get S3 bucket CORS description: >- Retrieves the current Cross-Origin Resource Sharing (CORS) configuration for an S3 bucket, showing which domains are allowed to access the bucket from web browsers. Deprecated: Use GET /v4/`object_storages`/{`storage_id`}/buckets/{`bucket_name`} instead, which returns CORS along with policy and lifecycle configuration. operationId: getStorageBucketCORSHttp parameters: - name: storage_id in: path description: Unique identifier for the storage instance required: true schema: type: integer format: int64 - name: bucket_name in: path description: Name of the S3 bucket to retrieve CORS configuration from required: true schema: type: string responses: '200': description: StorageGetBucketCorsEndpointRes content: application/json: schema: $ref: '#/components/schemas/StorageGetBucketCorsEndpointRes' '400': description: ErrResponse content: application/json: schema: $ref: '#/components/schemas/ErrResponse' deprecated: true components: schemas: StorageGetBucketCorsEndpointRes: type: object properties: allowedOrigins: type: array description: >- List of allowed origins for Cross-Origin Resource Sharing (CORS) requests. Contains domains/URLs that are permitted to make cross-origin requests to this bucket. example: - https://example.com - https://app.example.com - '*' items: type: string description: StorageGetBucketCorsEndpointRes output ErrResponse: type: object properties: error: type: string description: ErrResponse is an error response securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````