CORS

Last Updated: Oct 23, 2017

Cross-origin Resource Sharing (CORS) allows web applications to access resources in other domains. OSS provides an interface for developers to conveniently control cross-origin access permissions. For more information about CORS, see CORS access.

Set CORS rules

The setBucketCors method can be used to configure a CORS rule for a specified bucket. If a rule already exists, it is overwritten by a new one.

Parameters for specific rules are generally set through the CORSRule class. The code is as follows:

  1. SetBucketCORSRequest request = new SetBucketCORSRequest();
  2. request.setBucketName(bucketName);
  3. //The CORS rule container. Each bucket allows a maximum of 10 rules
  4. ArrayList<CORSRule> putCorsRules = new ArrayList<CORSRule>();
  5. CORSRule corRule = new CORSRule();
  6. ArrayList<String> allowedOrigin = new ArrayList<String>();
  7. //Specify the allowed source of cross-origin requests
  8. allowedOrigin.add( "http://www.b.com");
  9. ArrayList<String> allowedMethod = new ArrayList<String>();
  10. //Specify the allowed cross-origin request methods (GET/PUT/DELETE/POST/HEAD)
  11. allowedMethod.add("GET");
  12. ArrayList<String> allowedHeader = new ArrayList<String>();
  13. //Control whether the headers specified by Access-Control-Request-Headers in the OPTIONS' prefetch command are allowed.
  14. allowedHeader.add("x-oss-test");
  15. ArrayList<String> exposedHeader = new ArrayList<String>();
  16. //Specify the response headers users are allowed to access from the application
  17. exposedHeader.add("x-oss-test1");
  18. corRule.setAllowedMethods(allowedMethod);
  19. corRule.setAllowedOrigins(allowedOrigin);
  20. corRule.setAllowedHeaders(allowedHeader);
  21. corRule.setExposeHeaders(exposedHeader);
  22. // Specify the cache time for the returned result of browser prefetch (OPTIONS) requests to a specific resource. Unit: seconds.
  23. corRule.setMaxAgeSeconds(10);
  24. //A maximum of 10 rules are allowed
  25. putCorsRules.add(corRule);
  26. request.setCorsRules(putCorsRules);
  27. oss.setBucketCORS(request);

Note:

  • Each bucket allows a maximum of 10 rules.

  • The AllowedOrigins and AllowedMethods each supports up to one “*“ wildcard. “*“ indicates that all origin sources or operations are allowed.

  • AllowedHeaders and ExposeHeaders do not support wildcards.

Get CORS rules

The GetBucketCors method can be used to access the CORS rules of a bucket. The code is as follows:

  1. ArrayList<CORSRule> corsRules;
  2. //Retrieve the list of CORS rules
  3. corsRules = (ArrayList<CORSRule>) oss.getBucketCORSRules(bucketName);
  4. for (CORSRule rule : corsRules) {
  5. for (String allowedOrigin1 : rule.getAllowedOrigins()) {
  6. //Retrieve allowed cross-origin request origins
  7. System.out.println(allowedOrigin1);
  8. }
  9. for (String allowedMethod1 : rule.getAllowedMethods()) {
  10. //Retrieve allowed cross-origin request methods
  11. System.out.println(allowedMethod1);
  12. }
  13. if (rule.getAllowedHeaders().size() > 0){
  14. for (String allowedHeader1 : rule.getAllowedHeaders()) {
  15. //Retrieve the list of allowed headers
  16. System.out.println(allowedHeader1);
  17. }
  18. }
  19. if (rule.getExposeHeaders().size() > 0) {
  20. for (String exposeHeader : rule.getExposeHeaders()) {
  21. //Retrieve allowed headers
  22. System.out.println(exposeHeader);
  23. }
  24. }
  25. if ( null != rule.getMaxAgeSeconds()) {
  26. System.out.println(rule.getMaxAgeSeconds());
  27. }
  28. }

Delete a CORS rule

The following code disables CORS for a specified bucket and clears all its CORS rules:

  1. // Clear the CORS rules in the bucket
  2. oss.deleteBucketCORSRules(bucketName);
Thank you! We've received your feedback.