Allow Browser Uploads by Setting a CORS Policy
r2
// what it does
Applies a CORS ruleset from a JSON file (an array of rules with `AllowedOrigins`, `AllowedMethods`, `AllowedHeaders`). You need this whenever a browser talks to R2 directly — presigned-URL uploads or fetches from your frontend origin against a public/custom domain.
// shell
$ wrangler r2 bucket cors set my-bucket --file=./cors.json$ wrangler r2 bucket cors list my-bucket// gotcha
If the request's origin isn't in `AllowedOrigins`, the browser blocks the PUT/GET with a CORS error even though R2 itself is fine. Policy changes can take a short time to propagate.