docs: add cors config (HumanSignal#2550)

docs/source/guide/persistent_storage.md

@@ -24,6 +24,38 @@ Start by [creating an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/use
 
 > If you want to secure the data stored in the S3 bucket at rest, you can [set up default server-side encryption for Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html) following the steps in the Amazon Simple Storage Service User Guide. 
 
+### Optional: Configure CORS for the S3 bucket
+
+> In the case if you're going to use direct file upload feature and store media files like audio, video, csv you should complete this step.
+
+Set up Cross-Origin Resource Sharing (CORS) access to your bucket. See [Configuring cross-origin resource sharing (CORS)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html) in the Amazon S3 User Guide. Use or modify the following example:
+```json
+[
+   {
+      "AllowedHeaders": [
+         "*"
+      ],
+      "AllowedMethods": [
+         "GET",
+         "POST",
+         "PATCH",
+         "PUT",
+         "DELETE",
+         "OPTIONS"
+      ],
+      "AllowedOrigins": [
+         "*"
+      ],
+      "ExposeHeaders": [
+         "x-amz-server-side-encryption",
+         "x-amz-request-id",
+         "x-amz-id-2"
+      ],
+      "MaxAgeSeconds": 3600
+   }
+]
+```
+
 ### Configure the S3 bucket
 After you create an S3 bucket, set up the necessary IAM permissions to grant Label Studio Enterprise access to your bucket. There are four ways that you can manage access to your S3 bucket:
 - Set up an **IAM role** with an OIDC provider (**recommended**).
@@ -298,6 +330,27 @@ Set up Google Cloud Storage (GCS) as the persistent storage for Label Studio Ent
       - Value: `projects/_/buckets/heartex-example-bucket-123456`
     - Or, **use a Common Expression Language** (CEL) to specify an IAM condition. For example, set the following: `resource.name.startsWith('projects/_/buckets/heartex-example-bucket-123456')`. See [CEL for Conditions in Overview of IAM Conditions](https://cloud.google.com/iam/docs/conditions-overview#cel) in the Google Cloud Storage guide. 
 
+### Optional: Configure CORS for the GCS bucket
+
+> In the case if you're going to use direct file upload feature and store media files like audio, video, csv you should complete this step.
+
+Set up CORS access to your bucket. See [Configuring cross-origin resource sharing (CORS)](https://cloud.google.com/storage/docs/configuring-cors#configure-cors-bucket) in the Google Cloud User Guide. Use or modify the following example:
+```shell
+echo '[
+   {
+      "origin": ["*"],
+      "method": ["GET","POST","PATCH","PUT","DELETE","OPTIONS"],
+      "responseHeader": ["Content-Type"],
+      "maxAgeSeconds": 3600
+   }
+]' > cors-config.json
+```
+
+Replace `YOUR_BUCKET_NAME` with your actual bucket name in the following command to update CORS for your bucket:
+```shell
+gsutil cors set cors-config.json gs://YOUR_BUCKET_NAME
+```
+
 ### Configure the GCS bucket
 
 You can connect Label Studio Enterprise to your GCS bucket using **Workload Identity** or **Access keys**.
@@ -448,6 +501,24 @@ az storage container create --name <YOUR_CONTAINER_NAME> \
           --account-key "<YOUR_STORAGE_KEY>"
 ```
 
+### Optional: Configure CORS for the Azure bucket
+
+> In the case if you're going to use direct file upload feature and store media files like audio, video, csv you should complete this step.
+
+Set up CORS access to your bucket. See [Configuring cross-origin resource sharing (CORS)](https://docs.microsoft.com/en-us/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services#enabling-cors-for-azure-storage) in the Azure User Guide. Use or modify the following example:
+
+```xml
+<Cors>
+    <CorsRule>  
+        <AllowedOrigins>*</AllowedOrigins>  
+        <AllowedMethods>GET,POST,PATCH,PUT,DELETE,OPTIONS</AllowedMethods>  
+        <AllowedHeaders>x-ms-blob-content-type</AllowedHeaders>  
+        <ExposedHeaders>x-ms-*</ExposedHeaders>  
+        <MaxAgeInSeconds>3600</MaxAgeInSeconds>  
+    </CorsRule>  
+<Cors>
+```
+
 ### Configure the Azure container
 
 You can connect Label Studio Enterprise to your Azure container using account keys in Kubernetes or account keys in Docker Compose. Choose the option relevant to your Label Studio Enterprise deployment.