All Products
Search
Document Center

Object Storage Service:CORS

Last Updated:Oct 10, 2023

Cross-origin resource sharing (CORS) is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access and secure cross-origin data transmission.

Configure CORS rules

The following code provides an example on how to configure cross-origin resource sharing (CORS) rules for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the name of the bucket. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
# Configure CORS rules. 
bucket.cors = [
    Aliyun::OSS::CORSRule.new(
      # Specify the origin from which you want to allow cross-origin requests. Example: http://example.com. 
      :allowed_origins => ['http://example.com', 'http://example.net'],
      # Specify the methods that can be used to send cross-origin requests, including GET, PUT, DELETE, POST, and HEAD. 
      :allowed_methods => ['PUT', 'POST', 'GET'],
      # Specify the headers that are allowed in OPTIONS preflight requests. Example: x-oss-test. 
      :allowed_headers => ['x-oss-test'],
      # Specify the response headers for allowed access requests from applications. 
      :expose_headers => ['x-oss-test1'],
      # Specify the period of time in which the browser can cache the response for an OPTIONS preflight request for specific resources. Unit: seconds. 
      :max_age_seconds => 100)
]

Query CORS rules

The following code provides an example on how to query CORS rules that are configured for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
    # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the name of the bucket. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
cors = bucket.cors
puts cors.map(&:to_s)

Delete CORS rules

The following code provides an example on how to delete CORS rules that are configured for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the name of the bucket. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
bucket.cors = []

References

  • For more information about the API operation that you can call to configure CORS rules, see PutBucketCors.

  • For more information about the API operation that you can call to query CORS rules, see GetBucketCors.

  • For more information about the API operation that you can call to delete CORS rules, see DeleteBucketCors.