Set Cross-Origin Resource Sharing (CORS)

Last Updated: Nov 13, 2017

OSS provides Cross-Origin Resource Sharing (CORS) in the HTML5 protocol to help users achieve cross-origin access. When the OSS receives a cross-origin request (or OPTIONS request), it reads the bucket’s CORS rules and then checks the relevant permissions. The OSS checks each rule sequentially, uses the first rule that matches to approve the request, and returns the corresponding header. If none of the rules match, the OSS does not attach any CORS header.

Procedure

  1. Log on to the OSS console.

  2. In the left-side navigation pane, select the target bucket to open the bucket overview page.

  3. Click Basic Settings.

  4. In the Cross-Origin Resource Sharing (CORS) area, click Edit.

  5. In the cross-origin access page, click Create Rule.

  6. In the Cross-Origin Rules dialog box, configure the following items:

    • Source: Indicates the origins allowed for cross-origin requests. Multiple matching rules are allowed, which are separated by a carriage return. Only one wildcard () are allowed for each matching rule.

    • Allowed Methods: Indicates the allowed cross-origin request methods.

    • Allowed Headers: Indicates the allowed cross-origin request headers. Multiple matching rules are allowed, which are separated by a carriage return. Only one wildcard () are allowed for each matching rule.

    • Exposed Headers: Indicates the response headers that users are allowed to access from an application (e.g., a Javascript XMLHttpRequest object).

    • Cache Time: Indicates the cache time for the returned results of browser prefetch (OPTIONS) requests to a specific resource.

      Note: A maximum of 10 rules can be configured for each bucket.

  7. Click OK to save this rule.

Thank you! We've received your feedback.