This is part of the writeup on Using Google Cloud Storage with Apps Script. By now you should have completed all the steps in Setting up or creating a console project, Enabling APIs and OAuth2 and Using the service account to enable access to cloud storage and now have a project and credentials you can use to create your storage buckets. You can also read more about the background of how all this works at GcsStore overview – Google Cloud Storage and Apps Script and see some examples at GcsStore examples


If you are accessing Google Store objects (perhaps created with Apps Script) from client apps, then you are likely to run into Cross Origin Resource sharing problems. For more info on what this is see Cross Origin Resource sharing (CORS)

One way of getting round this is to create as proxy as described in Apps Script as a proxy, but this introduces a double hop for your data and another dependency. Google Cloud storage supports CORS, so you can use the GcsStore library to easily set that up from Apps Script.

Some examples

One of the places you’ll find this handy is if you use or some other tools like that to test your client code. If you try to access data stored on google cloud storage, you’ll get the usual cross-domain origin error reported. We’ll use codepen as an example.

Write some data

This could be any kind of data, but for the test we’ll just write an object and pick it up from CodePen. I’m assuming you’re already familiar with GcsStore and have taklen care of setting up authentication as described in Setting up or creating a console project, Enabling APIs and OAuth2

Getting started

Let’s, first of all, initialize GcsStore on the bucket we’re sharing, using this code, changing the bucket name to yours.

Now we’ll write some data, to a particular folder, set it for public sharing, and get its public url

That will create this object in the cloud store

and log its public link

Disabling CORS

Disabling cors is easy – just call patchCors() with no arguments

You’ll get this logged

Allow to access this bucket for GET operations


Client side Cors

Here’s how to use CORS with plain JavaScript. The example is in the codepen below

And reproduced here.

As you can see, I can now access my data from another domain without needing to use a proxy.

Setting multiple origins and other options

GcsStore provides various defaults to simplify the setting of cors attributes. However you can get more complicated by providing some or all of the cors resource described here.

Some examples


This is how long the CORS preflight conversation is valid for. This means that you can disable CORS and find you can still access it for while. If you are debugging, it’s worth setting this to a lower number to clear previous settings still alive by virtue of the maxAgeSeconds property they were initiated with.

For more like this see Google Apps Scripts Snippets
Why not join our forum, follow the blog or follow me on twitter to ensure you get updates when they are available.