How to configure CORS on S3 Bucket to enable access via ReplayWeb.Page

Hello all,

I’d like to be able to share web archives stored in a public S3 Bucket via but I’m having difficulty configuring the permissions in the Console.

Specifically, I’m struggling to define the rules in the Bucket Policy and Cross-origin resource sharing (CORS) entry fields.

I’ve input the following: 1. Bucket Policy

“Version”: “2012-10-17”,
“Id”: “Policy1612453220504”,
“Statement”: [
“Sid”: “AddPerm”,
“Effect”: “Allow”,
“Principal”: {
“AWS”: “*”
“Action”: “s3:GetObject”,
“Resource”: “arn:aws:s3:::/.warc”

  1. Cross-origin resource sharing (CORS)

“AllowedHeaders”: [],
“AllowedMethods”: [
“AllowedOrigins”: [
“ExposeHeaders”: []

Alas, no luck yet. Wonder if anyone can help/offer any guidance?

Thank you! Anisa

1 Like

the following works for me

        "AllowedHeaders": [
        "AllowedMethods": [
        "AllowedOrigins": [
        "ExposeHeaders": []

try with AllowedHeaders": ["*"]

1 Like

ciao @Anisa
i’ve seen your question in the call

maybe the problem is not only CORS, but the object that is not public (or the IAM policy is not correctly applied).
would you mind to check if you can reach the public object url?
or try to Make Public from Object Actions

unfortunately AWS introduce a lot of friction also for a simple thing like this, publishing on HTTP

1 Like

Here is the bucket policy I use on DigitalOcean as XML.
I think the ExposeHeaders are necessary to be able to load range requests:


For this setting, you can try:

"ExposeHeaders": ["Content-Range", "Content-Encoding", "Content-Length"]

@Anisa hopefully this works, and we should definitely add it to the docs so that everyone using S3-like storage has these settings!

1 Like