🐛 BUG: Wrangler fails to validate R2 cors file properly and should error more helpfully

[unknownterritory]

Which Cloudflare product(s) does this pertain to?

R2, Wrangler

What versions are you using?

4.0.0

What operating system and version are you using?

Linux POP!_OS 22.04 LTS

Please provide a link to a minimal reproduction

No response

Describe the Bug

1. Create a bucket using wrangler r2 bucket create <your-bucket-name>
2. Create a cors.json file with your policy.
3. Set the CORS policy into the bucket with wrangler r2 bucket cors set test-bucket --file cors.json

The policy file contains the following:

{
	"rules": [
		{
			"AllowedOrigins": [
				"http://example.com"
			],
			"AllowedMethods": ["GET", "HEAD", "PUT", "POST", "DELETE"],
			"AllowedHeaders": [
				"Authorization",
				"Content-Type",
				"Cache-Control",
				"X-Requested-With"
			],
			"ExposeHeaders": [
				"ETag",
				"Content-Type",
				"Content-Length",
				"Content-Range"
			],
			"MaxAgeSeconds": 3600
		}
	]
}

I used the directive "rules" and not "CORSRules" by indication of wrangler that would throw an error about it otherwise.

The error also happened with the previous version of wrangler: 3.114.1

Please provide any relevant error logs

✘ [ERROR] A request to the Cloudflare API (/accounts/5dfb5fba4b0.../r2/buckets/test-bucket/cors) failed.

  The JSON you provided was not well formed. [code: 10040]

[thekiharani]

Same ERROR here, using wrangler 4.2.0

[Schachte]

Try the following format matching the docs

❯ npx wrangler r2 bucket cors set testbucket2 --file rules.json

 ⛅️ wrangler 4.6.0
------------------

✔ Are you sure you want to overwrite the existing CORS configuration for bucket 'testbucket2'? … yes
Setting CORS configuration (1 rules) for bucket 'testbucket2'...
✨ Set CORS configuration for bucket 'testbucket2'.

npx wrangler r2 bucket cors set testbucket2 --file rules.json

rules.json

{
  "rules": [
    {
      "allowed": {
        "origins": ["https://example.com"],
        "methods": ["GET", "HEAD"],
        "headers": ["range", "if-match"]
      },
      "exposeHeaders": ["etag"],
      "maxAgeSeconds": 3000
    }
  ]
}

[Schachte]

In your case, you'd have a rules JSON matching the following:

{
  "rules": [
    {
      "allowed": {
        "origins": ["http://example.com"],
        "methods": ["GET", "HEAD", "PUT", "POST", "DELETE"],
        "headers": [
          "Authorization",
          "Content-Type",
          "Cache-Control",
          "X-Requested-With"
        ]
      },
      "exposeHeaders": [
        "ETag",
        "Content-Type",
        "Content-Length",
        "Content-Range"
      ],
      "maxAgeSeconds": 3600
    }
  ]
}

[dario-piotrowicz]

Thanks for the issue @unknownterritory 🙂

I can definitely see something wrong going here, wrangler does force you to add rules but you can't even set those in the dashboard AFAICT:

We'll look into the issue whenever we can

[janzheng]

FYI your docs are wrong here

https://developers.cloudflare.com/r2/buckets/cors/#example