Amazon S3 gets CORS support
Amazon has enabled CORS (Cross Origin Resource Sharing) with its Amazon S3 cloud storage service. CORS allows the creation of applications that make requests of domains other than the one that originally served them up. Normally, this kind of operation is halted by the "same origin policy" designed to stop applications loading potentially malicious code from other sites.
The CORS specification allows a developer to create a server configuration file which can override the same origin policy on a domain-specific basis. One example of its use would be to allow an HTML5 application with drag and drop to upload and download user content onto S3; previously a proxy server would have had to be used to get an upload and transfer it to S3.
To configure CORS on S3, Amazon now includes an editor in the AWS Management Console for CORS configuration files, which can be assigned to a bucket and configure access to the storage service. The configuration can also be accessed through the S3 API. For example, a configuration could allow only applications downloaded from www.example.com to PUT, POST and DELETE, while allowing any domain to perform a GET. CORS files also support a range of other options regarding headers and caching.