The OSS provides Cross-Origin Resource Sharing (CORS) in the HTML5 protocol to help users achieve cross-origin access. When the OSS receives a cross-origin request (or OPTIONS request), it reads the bucket’s CORS rules and then checks the relevant permissions. The OSS checks each rule sequentially, uses the first rule that matches to approve the request, and returns the corresponding header. If none of the rules match, the OSS does not attach any CORS header.
Log on to the OSS console.
Select a bucket to open the Bucket Overview page.
In the left-side navigation pane, select Bucket Settings > CORS.
Click Add Rule. The Set CORS Rule dialog box is displayed.
Configure the CORS rule in the dialog box. A maximum of 10 rules can be configured for each bucket.
- Source: Indicates the origins allowed for cross-origin requests. Multiple matching rules are allowed, which are separated by a carriage return. Each matching rule allows up to one “*“ wildcard.
- Method: Indicates the allowed cross-origin request methods.
- Allowed Header: Indicates the allowed cross-origin request headers. Multiple matching rules are allowed, which are separated by a carriage return. Each matching rule allows up to one “*“ wildcard.
- Cache Time: Indicates the cache time for the returned results of browser prefetch (OPTIONS) requests to a specific resource.
Click OK to save this rule. You can also edit or delete the configured rules.