Skip to main content
This guide explains what a CORS policy is and how to configure it correctly in AWS, GCP, and Azure. Completing this step ensures that your data assets will render correctly within the Labelbox application.

What is CORS and why is it necessary?

  • The Problem: Modern web browsers enforce a “Same-Origin Policy” to protect you from malicious websites. This policy prevents a web page (like the Labelbox app at https://app.labelbox.com) from making requests to a different domain (like your storage bucket at your-bucket.s3.amazonaws.com).
  • The Solution: A CORS policy is a small configuration file you add to your storage bucket. It acts as a permission slip, telling the browser, “It’s okay to allow requests from https://app.labelbox.com to access files in this bucket.”
When configuring CORS for your cloud storage bucket, you will need to include both of these Labelbox origins: https://app.labelbox.com and https://editor.labelbox.com.

AWS S3

  1. Navigate to your S3 bucket in the AWS Console.
  2. Click the bucket name.
  3. Go to the Permissions tab.
  4. Scroll to the Cross-origin resource sharing (CORS) section, click Edit.
  5. Paste the provided policy into the editor and save.
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://app.labelbox.com",
            "https://editor.labelbox.com"
        ],
        "ExposeHeaders": []
    }
]
  1. For more details on setting up CORS for your AWS S3 bucket, see these AWS docs.

Google Cloud Storage (GCS)

In the following commands, replace with your own bucket name (ex: gs://my-bucket)
  1. Log in to the Google Cloud Platform console.
  2. Click the Activate Cloud Shell button in the top-right corner to open the Cloud Shell.
  3. In Cloud Shell, create a JSON file containing the CORS configuration by entering the following command:
echo '[{"origin":["https://app.labelbox.com","https://editor.labelbox.com"],"method":["GET"],"responseHeader":["*"]}]' > cors-config.json
  1. Apply the CORS configuration to the bucket using the following command:
gsutil cors set cors-config.json gs://<bucket-name>
  1. Check the CORS configuration using the following command:
gsutil cors get gs://<bucket-name>

Microsoft Azure

  1. Navigate to the your Storage Account in your Azure Portal.
  2. Under Settings, find Resource sharing (CORS).
  3. Select the Blob Service tab.
  4. Fill in the fields: Allowed origins (https'//app.labelbox.com), Allowed methods (GET), etc. and save.

Troubleshooting

Error messageTroubleshooting
Unable to detect proper CORS configurationEnsure your cloud storage bucket has CORS configured with the following origins: https://app.labelbox.com and https://editor.labelbox.com. For more troubleshooting help, see: - AWS troubleshooting CORS - GCS troubleshooting CORS requests - Cross-Origin Resource Sharing (CORS) support for Azure Storage