You can call this operation to query the current cross-origin resource sharing (CORS) rules of a specific bucket.

Request syntax

GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Response elements

Element Type Description
CORSRule Container

Indicates the container that stores CORS rules. A maximum of 10 rules can be configured for a bucket.

Parent node: CORSConfiguration

AllowedOrigin String

Indicates the sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed.

Parent node: CORSRule

AllowedMethod Enumeration (GET, PUT, DELETE, POST, and HEAD)

Indicates the cross-origin request methods that are allowed.

Parent node: CORSRule

AllowedHeader String

Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS prefetch command are allowed. Each header specified by Access-Control-Request-Headers must match a value of AllowedHeader.

Parent node: CORSRule

ExposeHeader String

Indicates the response headers for allowed access requests from applications, such as a JavaScript XMLHttpRequest object.

Parent node: CORSRule

MaxAgeSeconds Integer

Indicates the period of time that the browser can cache the response to a preflight (OPTIONS) request to a specific resource. Only one MaxAgeSeconds parameter is allowed in one CORS rule.

Unit: seconds

Parent node: CORSRule

CORSConfiguration Container

Indicates the container that stores the CORS rules for a bucket.

Parent node: none

Examples

Sample requests

Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6qrrqxo2oawuk53otfjbyc: BuG4rRK+zNhH1AcF51NNHD39****

Sample responses

HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218  
Server: AliyunOSS
<? xml version="1.0" encoding="UTF-8"? >
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
      <MaxAgeSeconds>100</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>

SDKs

The SDKs of the GetBucketCORS operation for various programming languages are as follows:

Error codes

Error code HTTP status code Description
NoSuchBucket 404 The error message returned because the specified bucket does not exist.
NoSuchCORSConfiguration 404 The error message returned because the specified CORS rule does not exist.
AccessDenied 403 The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket.