You can call this operation to query the cross-origin resource sharing (CORS) rules configured for a specific bucket.

Request structure

GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Request headers

GetBucketCors requests contain only commend request headers. For more information, see Common request headers.

Response elements

Element Type Description
CORSRule Container

The container that stores CORS rules. Up to 10 rules can be configured for a bucket.

Parent node: CORSConfiguration

AllowedOrigin String

The sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed.

Parent node: CORSRule

AllowedMethod Enumeraation (GET, PUT, DELETE, POST, and HEAD)

The cross-origin request methods that are allowed.

Parent node: CORSRule

AllowedHeader String

Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS preflight request are allowed. Each header specified by Access-Control-Request-Headers must match the value of an AllowedHeader element.

Parent node: CORSRule

ExposeHeader String

The response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript.

Parent node: CORSRule

MaxAgeSeconds Integer

Indicates the period of time within which the browser can cache the response for an OPTIONS preflight request to specific resources. A CORS rule can contain only one MaxAgeSeconds parameter.

Unit: seconds

Parent node: CORSRule

CORSConfiguration Container

The container that stores the CORS rules configured for a bucket.

Parent node: none

Examples

Sample request

Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6qrrqxo2oawuk53otfjbyc: BuG4rRK+zNhH1AcF51NNHD39****

Sample response

HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218  
Server: AliyunOSS
<? xml version="1.0" encoding="UTF-8"? >
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
      <MaxAgeSeconds>100</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>

SDK

You can use OSS SDKs for the following programming languages to call GetBucketCors:

Error codes

Error code HTTP status code Description
NoSuchBucket 404 The error message returned because the specified bucket does not exist.
NoSuchCORSConfiguration 404 The error message returned because the specified CORS rule does not exist.
AccessDenied 403 The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket.