Configure CORS for web - tutorial

The Appgyver documentation gives brief details on the CORS configuration.
Then the Firebase doc gives a little more details.
This is how to implement it step by step (credit : Dis_Pro on Stackoverflow):

Login to your google cloud console: Google Cloud Platform and Click on “Activate Google Cloud Shell” in the upper right corner.

At the bottom of your window, a shell terminal will be shown, where gcloud and gsutil are already available. Execute the command shown below. It creates a json file which is needed to setup the cors-configuration for your bucket. This configuration will allow every domain to access your bucket using XHR-Requests in the browser:

echo '[{"origin": ["*"],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json

If you want to restrict the access one or more specific domains, add their URL to the array, e.g.:

echo '[{"origin": [""],"responseHeader": ["Content-Type"],"method": ["GET", "HEAD"],"maxAgeSeconds": 3600}]' > cors-config.json

Replace YOUR_BUCKET_NAM E with your actual bucketname in the following command to update the cors-settings from your bucket

gsutil cors set cors-config.json gs://YOUR_BUCKET_NAME

To check if everything worked as expected, you can get the cors-settings of a bucket with the following command:

gsutil cors get gs://YOUR_BUCKET_NAME