CORS issue using s3 with self hosted instance

I self-hosted asciinema on, set the s3 env variables, recording and uploading works. Playing the cast gives me this emoji :boom:. The issue? Well, in the console, it says it’s a CORS problem.

Access to fetch at '' 
(redirected from '<secret>.cast') from origin 
'' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Has anyone faced this before? A few things come to mind:

  1. public vs private bucket? But I set up the bucket access keys and secret.
  2. I am using’s new s3-compatible storage. Maybe it’s on their end.
  3. before switching to s3, I was mounting a local directory (things were playing), so it’s switching to s3 that caused the problem.

Things i have done:

  • I tested the s3 link, and I can download or access the file by clicking on the same link with the CORS issue.
  • I explored the self hosted docs and all the other docs for cors related and searched here no luck
  • Perhaps i need to setup Custom TLS certificate as the docs say?

I don’t think custom TLS cert would help here. The error message you pasted refers to the missing Access-Control-Allow-Origin header on responses from Fly. Ideally, you would add your asciinema server domain as allowed origin in Fly’s bucket configuration, but I’m not familiar with Fly and not sure if they support this.