The OSS provides Cross-Origin Resource Sharing (CORS) in the HTML5 protocol to help users achieve cross-origin access. When the OSS receives a cross-origin request (or OPTIONS request), it reads the bucket’s CORS rules and then check the relevant permissions. The OSS checks each rule sequentially, uses the first rule that matches to approve the request, and returns the corresponding header. If none of the rules match, the OSS does not attach any CORS header.

Operation procedure

1. Go to the OSS Console.

2. Select a bucket to open the bucket overview page.

3. Select Bucket Properties > CORS.

4. Click Add Rules. The Cors rule setting dialog box is displayed.

5. Configure the CORS rule in the dialog box. A maximum of 10 rules can be configured for each bucket.
   

   • Source: Indicates the origins allowed for cross-origin requests. Multiple matching rules are allowed, which are separated by a carriage return. Each matching rule allows up to one “*“ wildcard.
   • Method: Indicates the allowed cross-origin request methods.
   • Allowed Header: Indicates the allowed cross-origin request headers. Multiple matching rules are allowed, which are separated by a carriage return. Each matching rule allows up to one “*“ wildcard.
   • Expose Header: Indicates the response headers users are allowed to access from an application (e.g., a Javascript XMLHttpRequest object).
   • Cache Time: Indicates the cache time for the returned results of browser prefetch (OPTIONS) requests to a specific resource.

6. Click OK to save this rule. You can also edit or delete the configured rules.