CORS - SDK Reference| Alibaba Cloud Documentation Center

Cross-origin Resource Sharing (CORS) allows web applications to access resources in other domains. The OSS provides an interface for developers to conveniently control cross-origin access permissions. For more information about CORS, see Cross-origin resource sharing.

OSS CORS settings contain one or more CORS rules. Each CORS rule includes the following parameters:

allowed_origins: The origins allowed for cross-origin requests, for example, www.my-domain.com, *
allowed_methods: The HTTP methods (PUT/POST/GET/DELETE/HEAD) allowed for cross-origin requests
allowed_headers: The headers allowed in a prefetch command (OPTIONS), for example, x-oss-test, *
expose_headers: The headers allowed for the user to access in the application
max_age_seconds: The cache time for the returned result of a browser prefetch (OPTIONS) request to a specific resource

Note: For the example code of CORS, see sample/bucket_cors.go.

Configure CORS rules

You can use Client.SetBucketCORS to configure CORS rules:

    import "github.com/aliyun/aliyun-oss-go-sdk/oss"
    client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret")
    if err != nil {
        // HandleError(err)
    }
    rule1 := oss.CORSRule{
        AllowedOrigin: []string{"*"},
        AllowedMethod: []string{"PUT", "GET"},
        AllowedHeader: []string{},
        ExposeHeader:  []string{},
        MaxAgeSeconds: 200,
    }
    rule2 := oss.CORSRule{
        AllowedOrigin: []string{"http://www.a.com", "http://www.b.com"},
        AllowedMethod: []string{"POST"},
        AllowedHeader: []string{"Authorization"},
        ExposeHeader:  []string{"x-oss-test", "x-oss-test1"},
        MaxAgeSeconds: 100,
    }
    err = client.SetBucketCORS("my-bucket", []oss.CORSRule{rule1, rule2})
    if err != nil {
        // HandleError(err)
    }

View CORS rules

You can use Client.GetBucketCORS to view CORS rules:

    import "fmt"
    import "github.com/aliyun/aliyun-oss-go-sdk/oss"
    client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret")
    if err != nil {
        // HandleError(err)
    }
    corsRes, err := client.GetBucketCORS("my-bucket")
    if err != nil {
        // HandleError(err)
    }
    fmt.Println("Bucket CORS:", corsRes.CORSRules)

Clear CORS rules

You can use Client.DeleteBucketCORS to clear CORS rules:

    import "github.com/aliyun/aliyun-oss-go-sdk/oss"
    client, err := oss.New("Endpoint", "AccessKeyId", "AccessKeySecret")
    if err != nil {
        // HandleError(err)
    }
    err = client.DeleteBucketCORS("my-bucket")
    if err != nil {
        // HandleError(err)
    }