How to set CORS headers for AWS storage?


CORS (Cross-origin Resource Sharing) headers are used as a security feature in modern browsers, intended to block illegitimate cross-origin content. In the case of Videos for Confluence, however, this doesn’t constitute a security issue; it is even necessary to allow specific cross-origin requests as the content stored in an AWS S3 bucket is to be displayed in Confluence.

Therefore you need to configure CORS settings for the S3 bucket if you are using AWS storage for Videos for Confluence.


For convenience we have added a button to the AWS storage configuration in Videos for Confluence. The button “Configure CORS” on the tab “Storage configuration” will trigger the appropriate settings for your S3 bucket.

“Configure CORS” button

Case 1: Creating an S3 bucket when configuring AWS storage for Videos for Confluence.

If you create your S3 bucket directly through our app interface, no additional action is required as all required settings will be configured automatically.

Case 2: Using an existing S3 bucket.

If you configure an existing S3 bucket to be used for Videos for Confluence, you will need to press the button once after the storage setup has been concluded.

Case 3: The base URL of your Confluence instance changes.

If the base URL of your Confluence instance changes - what will hopefully happen rather rarely -, you need to readjust the CORS settings by pressing the button once again, as the CORS settings exclusively reference your specific Confluence URL.

If you would like to adjust the settings manually, these are the ones to add in AWS under S3 > Permissions > CORS:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [ { "AllowedHeaders": [ "*" ], "AllowedMethods": [ "GET", "PUT" ], "AllowedOrigins": [ "<domain of your Confluence instance>" ], "ExposeHeaders": [] } ]