edit-icon download-icon

CORS

Last Updated: Aug 08, 2018

Cross-origin resource sharing (CORS) allows web applications to access resources that belong to another region. OSS provides CORS APIs for convenient cross-origin access control.

For more information, see Cross-origin resource sharing and PutBucketcors in OSS Developer Guide.

Configure CORS rules

Use the following code to configure CORS rules for the specified bucket:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. SetBucketCORSRequest request = new SetBucketCORSRequest(bucketName);
  10. // Create a CORS rule. A maximum of 10 rules can be configured for each bucket.
  11. ArrayList<CORSRule> putCorsRules = new ArrayList<CORSRule>();
  12. CORSRule corRule = new CORSRule();
  13. ArrayList<String> allowedOrigin = new ArrayList<String>();
  14. // Specify the source of the cross-origin access request.
  15. allowedOrigin.add( "http://www.b.com");
  16. ArrayList<String> allowedMethod = new ArrayList<String>();
  17. // Specify the cross-region request methods (GET, PUT, DELETE, POST, and HEAD) that are allowed.
  18. allowedMethod.add("GET");
  19. ArrayList<String> allowedHeader = new ArrayList<String>();
  20. // Specify whether the header specified in Access-Control-Request-Headers of pre-flight request (OPTIONS) is allowed.
  21. allowedHeader.add("x-oss-test");
  22. ArrayList<String> exposedHeader = new ArrayList<String>();
  23. // Specify the response header that allows user access from applications.
  24. exposedHeader.add("x-oss-test1");
  25. AllowedOrigins and AllowedMethods allow only one wildcard asterisk (*). Wildcard asterisks (*) indicate that all sources of the cross-origin requests and operations are allowed.
  26. corRule.setAllowedMethods(allowedMethod);
  27. corRule.setAllowedOrigins(allowedOrigin);
  28. // AllowedHeaders and ExposeHeaders do not allow wildcard asterisks (*).
  29. corRule.setAllowedHeaders(allowedHeader);
  30. corRule.setExposeHeaders(exposedHeader);
  31. // Specify the cache time (seconds) for the response of browser pre-flight (OPTIONS) requests to a specific resource.
  32. corRule.setMaxAgeSeconds(10);
  33. // A maximum of 10 rules is allowed.
  34. putCorsRules.add(corRule);
  35. // The existing rules will be replaced.
  36. request.setCorsRules(putCorsRules);
  37. ossClient.setBucketCORS(request);
  38. // Close your OSSClient.
  39. ossClient.shutdown();

Obtain CORS rules

Use the following code to obtain CORS rules:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. ArrayList<CORSRule> corsRules;
  10. // Obtain the CORS rule list.
  11. corsRules = (ArrayList<CORSRule>) ossClient.getBucketCORSRules(bucketName);
  12. for (CORSRule rule : corsRules) {
  13. for (String allowedOrigin1 : rule.getAllowedOrigins()) {
  14. // Obtain allowed sources of cross-origin requests.
  15. System.out.println(allowedOrigin1);
  16. }
  17. for (String allowedMethod1 : rule.getAllowedMethods()) {
  18. // Obtain the allowed cross-origin request method.
  19. System.out.println(allowedMethod1);
  20. }
  21. if (rule.getAllowedHeaders().size() > 0){
  22. for (String allowedHeader1 : rule.getAllowedHeaders()) {
  23. // Obtain the header list for allowed cross-origin requests.
  24. System.out.println(allowedHeader1);
  25. }
  26. }
  27. if (rule.getExposeHeaders().size() > 0) {
  28. for (String exposeHeader : rule.getExposeHeaders()) {
  29. // Obtain the header for an allowed cross-origin request.
  30. System.out.println(exposeHeader);
  31. }
  32. }
  33. if ( null != rule.getMaxAgeSeconds()) {
  34. System.out.println(rule.getMaxAgeSeconds());
  35. }
  36. }
  37. // Close your OSSClient.
  38. ossClient.shutdown();

Delete CORS rules

Use the following code to delete all CORS rules for the specified bucket:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. // Delete all CORS rules for a specified bucket.
  10. ossClient.deleteBucketCORSRules(bucketName);
  11. // Close your OSSClient.
  12. ossClient.shutdown();
Thank you! We've received your feedback.