This is your daily "I don't understand CORS post". We deployed a static asset to R2 fetched in JS by

This is your daily "I don't understand CORS post". We deployed a static asset to R2 fetched in JS by our site. It was failing when deployed on cors headers so I added a catch all to allow all origins

Unfortunately for some reason this broke my ability to access it from localhost

avatar:1  Access to XMLHttpRequest at 'https://thumbnails.r2.allout.game/playercharacter-21.json' from origin 'http://localhost:3010' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3010, *', but only one is allowed.

avatar:1  Access to XMLHttpRequest at 'https://thumbnails.r2.allout.game/playercharacter-21.json' from origin 'http://localhost:3010' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3010, *', but only one is allowed.

avatar:1  Access to XMLHttpRequest at 'https://thumbnails.r2.allout.game/playercharacter-21.json' from origin 'http://localhost:3010' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3010, *', but only one is allowed.

avatar:1  Access to XMLHttpRequest at 'https://thumbnails.r2.allout.game/playercharacter-21.json' from origin 'http://localhost:3010' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3010, *', but only one is allowed.

So I added a rule to not include my local IP in this cors rule. Is there any way to do this better so I don't have to keep rotating my local IP in this rule to access it while developing?

Flare•11/21/24, 9:19 PM

Troubleshooting 403 / CORS issues with R2

So, your assets aren't loading because you are getting a CORS error despite having setup everything correctly?
Let's try troubleshooting.

In your browser console, do you see a 401/403 error right above the CORS error? If yes, then you aren't actually dealing with a CORS issue! If you do have a CORS issue, head to the last section.

If you are using a Custom domain

Go to the Network tab and find the failing request (you may need to reload the page, since only requests after opening the developer tools are logged).
You need to check the response headers for the following two headers:

cf-cache-statuscf-cache-status
cf-mitigatedcf-mitigated

### If you have a cf-mitigatedcf-mitigated header

Your request was blocked by one of your WAF rules. Go to Security Events and look for what service blocked your request.

If you don't have a `cf-cache-statuscf-cache-status` header

Your request was blocked by Hotlink Protection.
Go to your dashboard and disable it or write a configuration rule to only disable on your Custom domain

If you are using the S3 API

Your request is very likely incorrectly signed.
Try executing the request via curl to inspect the real response returned by the S3 api and then tackle that issue.
Once your request is correctly signed, you'll receive the proper CORS headers.

If it's actually CORS

Here are some common issues with CORS configurations:

ExposeHeadersExposeHeaders is missing headers like ETagETag
AllowedHeadersAllowedHeaders is missing headers like
```
Authorization
```
```
Authorization
```
or Content-TypeContent-Type
AllowedMethodsAllowedMethods is missing methods like
```
POST
```
```
POST
```
/PUTPUT (you do not need to include OPTIONSOPTIONS)

MattOP•11/21/24, 9:20 PM

I've read through this post and none of the "non cors" paths are hitting. And the "actually cors" section doesn't seem relevant to this error

MMatt This is your daily "I don't understand CORS post". We deployed a static asset to...

Barry_Based_Benson•11/21/24, 9:24 PM

What does your cors config look like on r2

MattOP•11/21/24, 9:37 PM

TIL there there is direct R2 cors config...

MattOP•11/21/24, 9:45 PM

nice, moving the config there worked

MattOP•11/21/24, 9:45 PM

ty!

boldpix•11/22/24, 6:48 PM

Do we need programming knowledge to setup R2/S3?

Whimsy•11/23/24, 9:34 AM

does r2 support lifecycle rules? like delete files after xyz, that match certain prefix

Whimsy•11/23/24, 10:39 AM

is this correct way to do so? cuz like idk it doesnt delete them

Niko•11/23/24, 10:43 AM

Hi! I've been trying to successfully load and play large (300MB-few GB's) files on Safari from R2. While it works perfectly fine on Chromium browsers, safari doesn't load media file.

In network tab I see requests failing.

I tried everything I could find. Bypassing the cache on cloudflare, other stuff found on Cloudflare's Blog.
https://community.cloudflare.com/t/videos-on-website-dont-play-only-affects-ios-users/569261
https://community.cloudflare.com/t/mp4-wont-load-in-safari-using-cloudflare/10587/56

File url: https://cdn.reinspire.io/media/b54e56f3-5ede-4eb3-bb73-60dda6d22c4f

Niko•11/23/24, 10:48 AM

codec_name=av1
codec_type=video
codec_name=aac
codec_type=audio

Niko•11/23/24, 10:50 AM

Okay thanks, I'll try the codecs mentioned above.

Will update here

Niko•11/23/24, 5:59 PM

@Space
File url: https://cdn-staging.reinspire.io/media/avc1-output-2.mp4

codec_name=h264
codec_type=video
codec_name=aac
codec_type=audio

Still can't play. Am I doing smth wrong here

Niko•11/23/24, 6:00 PM

Niko•11/23/24, 6:03 PM

hmmm, how do you test it?

I use vidstack player and it doesn't load file

Niko•11/23/24, 6:08 PM

normal playback works for me too, will experiment with diff players.

I am considering to switch to hls or cloudflare stream thing in future, but now can't do so.

Also any idea why do some range requests fail while others succeed. Looks weird to me

Niko•11/23/24, 6:11 PM

first one is always 2 bytes to test if server supports range request. Here's last one that succeeded with bigger content-length

Niko•11/23/24, 6:21 PM

Hmmm, yeah it works now if I use it like this:
So it's the player thing.

<video
  src="https://cdn-staging.reinspire.io/media/avc1-output-2.mp4"
  controls
>
  Your browser does not support the video tag.
</video>

<video
  src="https://cdn-staging.reinspire.io/media/avc1-output-2.mp4"
  controls
>
  Your browser does not support the video tag.
</video>

Thanks for the help, will explore different players

qu6it•11/23/24, 7:08 PM

Hi,

I'm new to R2 and attempting to integrate with the API. I've written a Node.js script to generate the Authorization header and x-amz-date, and I’ve included the host header as follows:

Headers:
Authorization: AWS4-HMAC-SHA256 Credential=xxxxxx/20241123/default/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=xxxxx
x-amz-date: 20241123T173455Z
Host: https://[accountId].r2.cloudflarestorage.com/[bucketName]

Endpoint:
The URL is constructed as follows, using the PUT HTTP method:
https://[accountID].r2.cloudflarestorage.com/[bucketName]/[objectKey]

When I send the request, I’m encountering the following error:
Error: write EPROTO 1185412057536:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:592:SSL alert number 40

I’m wondering if this issue might be related to Cloudflare configuration, such as TLS settings, endpoint restrictions, or something else specific to R2.

Here are a few key details:

I’ve verified that the x-amz-date and Authorization headers are generated based on AWS Signature Version 4 (SigV4) - at least I think I have!!
The x-amz-content-sha256 is set to UNSIGNED-PAYLOAD.
My TLS environment supports versions up to 1.3.
This happens in multiple environments including when using Postman

Has anyone encountered this before?

Whether there are specific configurations or security settings in Cloudflare R2 that might cause this error?
Any additional debugging steps or requirements for establishing the TLS handshake with R2?

Any help would be greatly appreciated!

Original message was deleted

James•11/23/24, 11:27 PM

How often are you reading these files? R2 would work fine, but you might consider KV if the read performance of these is critical https://developers.cloudflare.com/kv/

Original message was deleted

Chaika•11/24/24, 1:08 AM

Why do you think you need so many namespaces? A namespace in KV is just a collection of keys and their values, essentially the same as an R2 bucket. Within each namespace, just like within each bucket, you have Keys (Object Keys in R2) and Values, also both R2 and KV can have metadata alongside as well. If you're doing everything within a single r2 bucket now, you can do it all within a single kv namespace

Original message was deleted

Hello, I’m Allie!•11/24/24, 1:23 AM

No, for example, you could have 23-11-2024 as the key, and your JSON as the value

Hello, I’m Allie!•11/24/24, 1:24 AM

That scales basically as far as you are willing to pay

Chaika•11/24/24, 1:34 AM

if it's still confusing: think of a namespace exactly as an r2 bucket, you throw a bunch of objects (Key-values) into it, each with a unique key/object key. Same structuring as with R2

埃

埃菲尔铁塔•11/24/24, 6:08 AM

Hi all, how will r2 be converted to infrequently accessed buckets after creating a standard bucket, I'm worried that my storage will be automatically converted to infrequently accessed buckets after a period of inaccessibility.

埃埃菲尔铁塔 Hi all, how will r2 be converted to infrequently accessed buckets after creating...

Hello, I’m Allie!•11/24/24, 6:14 AM

It won’t happen automatically, if that is what you mean

Hello, I’m Allie!•11/24/24, 6:14 AM

Infrequent Access will only be applied if you create a rule for it

埃

埃菲尔铁塔•11/24/24, 6:15 AM

I just read somewhere else someone complaining about this who said he seems to have been converted to paying for infrequent access to buckets because of infrequent access to buckets

埃埃菲尔铁塔 I just read somewhere else someone complaining about this who said he seems to h...

Hello, I’m Allie!•11/24/24, 6:18 AM

If it does happen without your input, that would be a pretty major bug, and should be reported

HHello, I’m Allie!If it does happen without your input, that would be a pretty major bug, and shou...

埃

埃菲尔铁塔•11/24/24, 6:24 AM

Let me confirm:

Creating a new bucket in the dash.cloudflare.comdash.cloudflare.com r2 web page, and the default Default Multipart Abort RuleDefault Multipart Abort Rule rule, even if nothing is accessed in it for a few months, will not be automatically converted to an infrequent access bucket.
How do I set up a rule to convert a standard bucket to an infrequent bucket (there doesn't seem to be a rule to add in the web page)

埃埃菲尔铁塔 Let me confirm: - Creating a new bucket in the `dash.cloudflare.com` r2 web page...

Hello, I’m Allie!•11/24/24, 6:31 AM

Yes, assuming you set the default Storage Class to Standard.
Here’s an example via the S3 API: https://developers.cloudflare.com/r2/buckets/object-lifecycles/#s3-api

Cloudflare Docs

Object lifecycles | Cloudflare R2 docs

Object lifecycles determine the retention period of objects uploaded to your bucket and allow you to specify when objects should transition from Standard storage to Infrequent Access storage.

HHello, I’m Allie!1. Yes, assuming you set the default Storage Class to Standard. 2. Here’s an exa...

埃

埃菲尔铁塔•11/24/24, 6:47 AM

I learned more about his problem: using standard buckets but visiting them infrequently, incurring infrequent visit fees
Here's the bill he provided: https://linux.do/uploads/default/original/4X/6/2/8/6280bcc11c013dcc9a685335315f70d4ef7cbd82.png

埃埃菲尔铁塔 I learned more about his problem: using standard buckets but visiting them infre...

Hello, I’m Allie!•11/24/24, 6:54 AM

A Default Standard Bucket can still contain Infrequent Access objects, if that is what you mean

Hello, I’m Allie!•11/24/24, 6:55 AM

Class is applied to individual objects, not the bucket as a whole

Hello, I’m Allie!•11/24/24, 6:55 AM

The toggle is just what the default class is, if you don’t specify one

HHello, I’m Allie!The toggle is just what the default class is, if you don’t specify one

埃

埃菲尔铁塔•11/24/24, 7:13 AM

That is to say, when creating a bucket you can specify Standard storageStandard storage and Infrequent Access storageInfrequent Access storage as the default storage type, but what type of object storage inside the bucket can also be specified when uploading? (Standard bucketsStandard buckets with standard storage typesstandard storage types are created by default on the web side)
In that case, the

Will the storage type of the objects in the bucket be automatically changed (I don't seem to find anything about this in the documentation) (e.g. from Standard storageStandard storage to Infrequent Access storageInfrequent Access storage)
How to query the storage type of the objects in the bucket?
How does the above bill arise?

埃埃菲尔铁塔 That is to say, when creating a bucket you can specify `Standard storage` and `I...

Hello, I’m Allie!•11/24/24, 5:09 PM

By default, no. You can make a bucket auto-switch objects to the other class, but you have to create the rule for it yourself. It will not happen automatically.
Object class is visible in the dashboard, and should also be visible via the S3 API
Not entirely sure what you mean here? As far as I can tell, some of the users objects are Standard Class, and some are IA Class, which is shown in the different line items visible on their bill

HHello, I’m Allie!1. By default, no. You can make a bucket auto-switch objects to the other class,...

埃

埃菲尔铁塔•11/24/24, 5:17 PM

Thank you very much for your reply.

there doesn't seem to be a label in the dashboard that shows which objects are of what type.
i would like to know what actions he might have done that would have resulted in the above bill (e.g. there are rules to convert a Standard Storage Type to an Infrequently Accessed Type)

埃埃菲尔铁塔 Thank you very much for your reply. 2. there doesn't seem to be a label in the d...

Hello, I’m Allie!•11/24/24, 5:20 PM

Click on an object in the dashboard. In the info pane, there should be a label for “Class”
There are three possibilities:
a. The user has a “default IA” bucket
b. The user has a lifecycle rule that converted some of their objects to IA.
c. The user uploaded the object as an IA object manually

HHello, I’m Allie!2. Click on an object in the dashboard. In the info pane, there should be a labe...

埃

埃菲尔铁塔•11/24/24, 5:23 PM

There doesn't seem to be a 'class' tag

Hello, I’m Allie!•11/24/24, 5:25 PM

Let check

Original message was deleted

Erisa•11/24/24, 7:49 PM

GGooningChatter Will there be an Oceania R2 location hint someday to match D1 Oceania location h...

GooningChatter•11/24/24, 7:49 PM

i prophesied this

EErisa Empty message

1984 Ford Laser•11/24/24, 10:49 PM

SICK

Ricky U•11/25/24, 11:04 AM

is r2 globally distributed, with really no egress, what are the limits?

zegevlier•11/25/24, 11:06 AM

These are the limits: https://developers.cloudflare.com/r2/platform/limits/
But note that the files are only in a single location, not in multiple locations

Ricky U•11/25/24, 12:02 PM

I see, are they cached at cf CDN's though automaticly?

Ricky U•11/25/24, 1:19 PM

I see, so main benefit here is no egress, is their a FUP (fair use policy for egress, yes all legal, documents, just want to know before we migrate from other clouds.)

This is your daily "I don't understand CORS post". We deployed a static asset to R2 fetched in JS by

Troubleshooting 403 / CORS issues with R2

If you are using a Custom domain

If you don't have a `cf-cache-statuscf-cache-status` header

If you are using the S3 API

If it's actually CORS

Similar Threads

Similar Threads

Troubleshooting 403 / CORS issues with R2

If you are using a Custom domain

If you don't have a
`cf-cache-status`
`cf-cache-status`
`cf-cache-status`
`cf-cache-status` header

If you are using the S3 API

If it's actually CORS

Similar Threads

This is your daily "I don't understand CORS post". We deployed a static asset to R2 fetched in JS by

Troubleshooting 403 / CORS issues with R2

If you are using a Custom domain

If you don't have a cf-cache-statuscf-cache-status header

If you are using the S3 API

If it's actually CORS

Similar Threads

Similar Threads

Troubleshooting 403 / CORS issues with R2

If you are using a Custom domain

If you don't have a cf-cache-statuscf-cache-statuscf-cache-statuscf-cache-status header

If you are using the S3 API

If it's actually CORS

Similar Threads

If you don't have a `cf-cache-statuscf-cache-status` header

If you don't have a
`cf-cache-status`
`cf-cache-status`
`cf-cache-status`
`cf-cache-status` header