All Products
Search
Document Center

Object Storage Service:cors-options

Last Updated:Aug 24, 2023

Cross-origin resource sharing (CORS) is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access. This way, the security of data transmission across origins is ensured. You can run the cors-options command to send HTTP OPTIONS requests to Object Storage Service (OSS) and check whether specific cross-origin requests are allowed.

Note
  • In this topic, the sample command lines are based on the 64-bit Linux system. For other systems, replace ./ossutil64 in the commands with the corresponding binary name. For more information, see ossutil.

  • For more information about how to configure CORS, see cors.

Command syntax

./ossutil64 cors-options oss://bucketname/[objectname]
[--acr-method <value>]
[--origin <value>]
[--acr-headers <value>] 

The following table describes the parameters that you can configure when you run the cors-options command.

Parameter

Description

bucketname

The name of the bucket to access.

objectname

The name of the object to access.

--acr-method

The method that is allowed to use in the request. This parameter specifies the value of the Access-Control-Request-Method request header. Valid values: GET, PUT, POST, DELETE, and HEAD.

--origin

The origins from which you want to allow cross-origin requests. Example: http://www.aliyun.com.

--acr-headers

Specifies the value of the Access-Control-Request-Headers request header. This parameter specifies actual headers except for commonly used headers. You can specify multiple headers in a request. Separate multiple headers with commas (,). Example: --acr-headers "header1,header2,header3".

Examples

You can run the following command to detect whether the examplebucket bucket allows a cross-origin request whose origin is http://www.aliyun.com and request method is PUT:

./ossutil64 cors-options --acr-method  put --origin "http://www.aliyun.com" oss://examplebucket

A similar output is displayed if examplebucket allows the cross-origin request.

Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0

0.079520(s) elapsed

A similar output is displayed if examplebucket denies the cross-origin request.

Error: oss: service returned error: StatusCode=403, ErrorCode=AccessForbidden, ErrorMessage="CORSResponse: This CORS request is not allowed. This is usually
 because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Requet-Headers are not whitelisted by the resource's CORS
 spec.", RequestId=60F7F55F553DA2363138****

Common options

If you use ossutil to switch to a bucket that is located in another region, add the -e option to the command to specify the endpoint of the region in which the specified bucket is located. If you use ossutil to switch to a bucket that belongs to another Alibaba Cloud account, you can add the -i option to the command to specify the AccessKey ID of the specified account, and add the -k option to the command to specify the AccessKey secret of the specified account.

To detect whether a bucket named testbucket allows a cross-origin request whose origin is http://www.alibabacloud.com and request method is PUT, run the following command:

./ossutil64 cors-options --acr-method  put --origin "http://www.alibabacloud.com" oss:/testbucket -e oss-cn-hangzhou.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA****  -k 67DLVBkH7EamOjy2W5RVAHUY9H****

For more information about other common options that you can use for the cors-options command, see Common options.