Alibaba Cloud CDN supports Cross-origin resource sharing (CORS). You can add custom HTTP response headers to enable CORS. This topic describes how CORS works, how to configure CORS, and some use scenarios of CORS.
What is CORS?
CORS is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access. This solution secures data transmission.


Enable CORS
Examples
- If the Origin value of a request header exactly matches one of the specified values, a response header with the destination origin is returned.
- If the Origin value does not have an exact match, no response header is returned.
The response header is set to Access-Control-Allow-Origin:http://example.com,https://aliyundoc.com in the Alibaba Cloud CDN console.
- If the Origin value of a request header is http://example.com, CDN edge nodes return Access-Control-Allow-Origin:http://example.com.
- If the Origin value of a request header is http://aliyundoc.com, CDN edge nodes return Access-Control-Allow-Origin:http://aliyundoc.com.
- If the Origin value of a request header is http://example.edu, CDN edge nodes do not return Access-Control-Allow-Origin.
Example 2: If the response header of CORS has a wildcard domain name configured, CDN edge nodes check whether the Origin value of a request header has a wildcard domain name that matches Access-Control-Allow-Origin.
- If the Origin value of a request header is Origin:http://demo.aliyundoc.com, CDN edge nodes return Access-Control-Allow-Origin:http://demo.aliyundoc.com.
- If the Origin value of a request header is Origin: http://demo.example.com, CDN edge nodes do not respond to the request.
- If the Origin value of a request header is Origin:https://demo.aliyundoc.com, CDN edge nodes do not respond to the request because the request uses HTTPS while CDN edge nodes respond only to HTTP requests.