The HCP implementation of CORS has several limits.
Maximum size of a CORS policy
A CORS rules configuration in HCP can have any number of CORSRule, AllowedMethod, AllowedOrigin, and AllowedHeader elements. However, the maximum size of the CORS configuration cannot exceed 2.5 MB.
Unsupported namespace names for preflighted CORS requests
To safeguard an HCP instance, HCP does not support preflighted CORS requests for namespaces with path-style and virtual-path URLs that include the following reserved keywords:
- rest
- webdav
- fcfs_data
- browser
- hs3
- swift
Tenant-level API calls not supported
CORS does not support tenant-level API calls (S3 compatible API, REST API, HCP management API).