Obtains the current CORS rules for a specified bucket.

Request syntax

GET /?cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Response elements

Element Type  Description
CORSRule Container Indicates the container that stores CORS rules. A maximum of 10 rules can be set for a bucket.

Parent node: CORSConfiguration

AllowedOrigin String Indicates the allowed origins from which the cross-domain requests are initiated. You can use multiple elements to specify multiple allowed origins. Each rule allows up to one wildcard (*), which indicates that cross-domain requests from all origins are allowed.

Parent node: CORSRule

AllowedMethod Enumeration (GET, PUT, DELETE, POST, HEAD) Indicates the allowed methods for cross-domain requests.

Parent node: CORSRule

AllowedHeader String Controls whether the headers specified by Access-Control-Request-Headers in the OPTIONS prefetch command are allowed. Each header specified by Access-Control-Request-Headers must match a value in AllowedHeader. Each rule allows up to one wildcard (*). 

Parent node: CORSRule

ExposeHeader String Indicates the response headers that can be accessed by from an application (for example, a Javascript XMLHttpRequest object). The wildcard (*) is not allowed. 

Parent node: CORSRule

MaxAgeSeconds Integer Indicates the cache time (in seconds) of a browser used to respond a prefetch (OPTIONS) request to a specific resource. Only one of this parameter is allowed in a CORSRule.

Parent node: CORSRule

CORSConfiguration Container Indicates the container that stores the CORS rules for a bucket.

Parent node: None

Detail analysis 

  • If the requested bucket does not exist, the 404 No Content error is returned with the error code: NoSuchBucket.
  • Only the owner of a bucket owner can obtain the CORS rules for the bucket. Otherwise, the 403 Forbidden error is returned with the error code: AccessDenied.
  • If CORS rules for the requested bucket do not exist, the 404 Not Found error is returned with the error code: NoSuchCORSConfiguration.

Example

Request example:

GET /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6qrrqxo2oawuk53otfjbyc: BuG4rRK+zNhH1AcF51NNHD39zXw=

Response example returned when CORS rules are configured for the bucket:

HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00235F
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218  
Server: AliyunOSS

<? xml version="1.0" encoding="UTF-8"? >
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
      <MaxAgeSeconds>100</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>