Get Bucket cors

Last Updated: Dec 26, 2017

The Get Bucket cors operation is used to obtain the current CORS rules of a specified bucket.

Request syntax

  1. GET /?cors HTTP/1.1
  2. Host:
  3. Date: GMT Date
  4. Authorization: SignatureValue

Response elements

Name Description
CORSRule CORS rule container. Each bucket allows up to 10 rules
Type: container
Parent node: CORSConfiguration
AllowedOrigin The origins allowed for cross-domain requests. Multiple elements can be used to specify multiple allowed origins. Each rule allows up to one wildcard “*“. If “*“ is specified, cross-domain requests of all origins are allowed.
Type: string
Parent node: CORSRule
AllowedMethod Specify the allowed methods for cross-domain requests.
Type: enumeration (GET, PUT, DELETE, POST, HEAD)
Parent node: CORSRule
AllowedHeader Control whether the headers specified by Access-Control-Request-Headers in the OPTIONS prefetch command are allowed. Each header specified by Access-Control-Request-Headers must match a value in AllowedHeader. Each rule allows up to one wildcard “”
Type: string
Parent node: CORSRule
ExposeHeader Specify the response headers allowing users to access from an application (for example, a Javascript XMLHttpRequest object). The wildcard “*“ is not allowed.
Type: string
Parent node: CORSRule
MaxAgeSeconds Specify the cache time for the returned result of a browser prefetch (OPTIONS) request to a specific resource. The unit is seconds. One CORSRule allows not more than one such parameter.
Type: integer
Parent node: CORSRule
CORSConfiguration CORS rule container of a bucket
Type: container
Parent node: none

Detail analysis

  • If a bucket does not exist, the error “404 no content” is returned. Error code: NoSuchBucket.
  • Only the bucket owner can obtain CORS rules. Otherwise, the error 403 Forbidden is returned with the error code: AccessDenied.
  • If CORS rules do not exist, the OSS returns the “404 Not Found” error with the error code: NoSuchCORSConfiguration.


Request example:

  1. Get /?cors HTTP/1.1
  2. Host:
  3. Date: Thu, 13 Sep 2012 07:51:28 GMT
  4. Authorization: OSS qn6qrrqxo2oawuk53otfjbyc: BuG4rRK+zNhH1AcF51NNHD39zXw=

Response example with CORS rules already set:

  1. HTTP/1.1 200
  2. x-oss-request-id: 50519080C4689A033D00235F
  3. Date: Thu, 13 Sep 2012 07:51:28 GMT
  4. Connection: keep-alive
  5. Content-Length: 218
  6. Server: AliyunOSS
  7. <?xml version="1.0" encoding="UTF-8"?>
  8. <CORSConfiguration>
  9. <CORSRule>
  10. <AllowedOrigin>*</AllowedOrigin>
  11. <AllowedMethod>GET</AllowedMethod>
  12. <AllowedHeader>*</AllowedHeader>
  13. <ExposeHeader>x-oss-test</ExposeHeader>
  14. <MaxAgeSeconds>100</MaxAgeSeconds>
  15. </CORSRule>
  16. </CORSConfiguration>
Thank you! We've received your feedback.