Update CORS config to the one that Uppy recommends

We also switch to the raw XML format, as I think it's easy enough to make the update through the AWS S3 Console after all. Closes #1

Update CORS config to the one that Uppy recommends
a75107b1 · Janko Marohnić · 9fa42251 · a75107b1
Unverified Commit a75107b1 authored Sep 09, 2018 by Janko Marohnić
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 24 deletions

README.md README.md +30 -24

No files found.
--- a/README.md
+++ b/README.md
@@ -15,32 +15,38 @@ gem "uppy-s3_multipart"

 ## Setup

-Once you've created your S3 bucket, you need to set up CORS for it. The
-following script sets up minimal CORS configuration needed for multipart
-uploads on your bucket using the `aws-sdk-s3` gem:
-
-```rb
-require "aws-sdk-s3"
-
-client = Aws::S3::Client.new(
-  access_key_id:     "<YOUR KEY>",
-  secret_access_key: "<YOUR SECRET>",
-  region:            "<REGION>",
-)
-
-client.put_bucket_cors(
-  bucket: "<YOUR BUCKET>",
-  cors_configuration: {
-    cors_rules: [{
-      allowed_headers: ["Authorization", "Content-Type", "Origin", "ETag"],
-      allowed_methods: ["GET", "POST", "PUT", "DELETE"],
-      allowed_origins: ["*"],
-      max_age_seconds: 3000,
-    }]
-  }
-)
+In order to allow direct multipart uploads to your S3 bucket, we need to update
+the bucket's CORS configuration. In the AWS S3 Console go to your bucket, click
+on "Permissions" tab and then on "CORS configuration". There paste in the
+following:
+
+```xml
+<?xml version="1.0" encoding="UTF-8"?>
+<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+  <CORSRule>
+    <AllowedOrigin>https://my-app.com</AllowedOrigin>
+    <AllowedMethod>GET</AllowedMethod>
+    <AllowedMethod>POST</AllowedMethod>
+    <AllowedMethod>PUT</AllowedMethod>
+    <MaxAgeSeconds>3000</MaxAgeSeconds>
+    <AllowedHeader>Authorization</AllowedHeader>
+    <AllowedHeader>x-amz-date</AllowedHeader>
+    <AllowedHeader>x-amz-content-sha256</AllowedHeader>
+    <AllowedHeader>content-type</AllowedHeader>
+    <ExposeHeader>ETag</ExposeHeader>
+  </CORSRule>
+  <CORSRule>
+    <AllowedOrigin>*</AllowedOrigin>
+    <AllowedMethod>GET</AllowedMethod>
+    <MaxAgeSeconds>3000</MaxAgeSeconds>
+  </CORSRule>
+</CORSConfiguration>
 ```

+Replace `https://my-app.com` with the URL to your app (in development you can
+set this to `*`). Once you've clicked `Save`, it may take some time for the
+new CORS settings to be applied.
+
 ## Usage

 This gem provides a Rack application that you can mount inside your main