• Login to Amazon S3 Console: https://console.aws.amazon.com/s3/home.
  • Locate your bucket, then click on the same. On clicking, the right pane will show properties for that bucket. Expand Permissions, Click "Edit CORS Configuration" and update CORS to allow force.com.
  • Add the following JSON snippet:
  • [
      {
        "AllowedHeaders": [
          "*"
        ],
        "AllowedMethods": [
          "PUT",
          "POST",
          "DELETE"
        ],
        "AllowedOrigins": [
          "*.force.com"
        ],
        "ExposeHeaders": [
          "ETag",
          "x-amz-meta-custom-header"
        ]
      },
      {
        "AllowedHeaders": [
          "*"
        ],
        "AllowedMethods": [
          "PUT",
          "POST",
          "DELETE"
        ],
        "AllowedOrigins": [
          "*.visualforce.com"
        ],
        "ExposeHeaders": [
          "ETag",
          "x-amz-meta-custom-header"
        ]
      },
      {
        "AllowedHeaders": [],
        "AllowedMethods": [
          "GET"
        ],
        "AllowedOrigins": [
          "*"
        ],
        "ExposeHeaders": [
          "ETag"
        ]
      }
    ]

    Or you can add in the following XML format:

  • <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
       <CORSRule>
          <AllowedOrigin>*.force.com</AllowedOrigin>
          <AllowedOrigin>*.visualforce.com</AllowedOrigin>
          <AllowedMethod>PUT</AllowedMethod>
          <AllowedMethod>POST</AllowedMethod>
          <AllowedMethod>DELETE</AllowedMethod>
          <AllowedMethod>GET</AllowedMethod>
          <ExposeHeader>ETag</ExposeHeader>
          <ExposeHeader>x-amz-meta-custom-header</ExposeHeader>
          <AllowedHeader>*</AllowedHeader>
       </CORSRule>
    </CORSConfiguration>


  • For more info click here