If you want to request resources that belong to an accelerated domain name, you can add a custom HTTP response header to responses returned from your origin servers. This way, you can perform cross-origin resource sharing (CORS). This topic describes how to configure a custom HTTP response header.
CORS is a standard cross-origin solution that is provided by HTML 5 to allow web application servers to manage cross-origin access. This solution ensures that data transmission is secure.
To perform CORS, you can add response headers to responses. After Alibaba Cloud CDN receives a cross-origin request, CORS rules are triggered to check the permissions. Alibaba Cloud CDN checks whether each cross-origin request meets the CORS rules. Then, Alibaba Cloud CDN uses the first rule that matches the request to process the request and adds a header to the response. If the request fails to match the CORS rules, no header is added to the response.
The configuration of an HTTP response header applies to a domain name. After you configure an HTTP response header, the configuration of this response header takes effect for all responses returned from the domain name. An HTTP response header affects only the response behavior of clients, such as browsers. An HTTP response header does not affect the caching behavior of CDN nodes. You cannot configure a custom HTTP response header for wildcard domain names.
- Log on to the ApsaraVideo VOD console.
- In the left-side navigation pane of the ApsaraVideo VOD console, choose to go to the Domain Names page.
- On the Domain Names page, select the domain name that you want to configure, and click Configure in the Actions column.
- In the left-side navigation pane of the specified domain, click .
- Click the Custom HTTP Response Headers tab.
- Click Add and configure the parameters described in the following table. In the following example, a custom HTTP response header is configured.
Parameter Description Operation You can add, delete, change, or replace a response header. Response Header Select Custom or a standard response header, such as Cache-Control, from the drop-down list. For more information, see Response headers. Response Header Name If you select Custom for the Response Header parameter, you must specify a name for the response header. The name of the response header must be specified based on the following rules:
- The name must contain letters, digits, and hyphens (-).
- The name must be 1 to 100 characters in length.
Response Header Value Specify a value for the response header. For more information, see Response headers. Allow Duplicates
- Allowed: Retains the header that is returned from the origin server and the header that you add whose name is the same.
- Not Allowed: The header that you add whose name is the same overwrites the header that is returned from the origin server.
- Click OK.
After you add a custom HTTP response header, you can Modify or Delete the header in the Actions column.
|Custom||Allows you to add a custom response header based on your business requirements. The
name of the response header must be specified based on the following rules:
|Cache-Control||Specifies the cache policy that the client uses for requests and responses.||no-cache|
|Content-Disposition||Specifies the default file name if the retrieved content is saved as a file on the client.||examplefile.txt|
|Content-Type||Specifies the type of the content that is returned to the clients, such as text, image, audio, video, or file.||image|
|Pragma||The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. Pragma HTTP/1.0 is compatible with HTTP/1.1.||no-cache|
|Access-Control-Allow-Origin||Specifies a list of origins that are allowed to make cross-origin requests. If you
want to specify all domain names, you can set the Response Header Value field to a
wildcard character, such as the asterisk (*). You can also enter a domain name, for
|Access-Control-Allow-Methods||Specifies the request methods that you can use in cross-origin requests. You can specify multiple request methods. Separate multiple request methods with commas (,).||POST,GET|
|Access-Control-Allow-Headers||Specifies the header fields that you can use in cross-origin requests.||X-Custom-Header|
|Access-Control-Expose-Headers||Specifies the headers that can be exposed as part of the response. You can specify multiple headers. Separate multiple headers with commas (,).||Content-Length|
|Access-Control-Allow-Credentials||Specifies whether browsers can expose responses to the frontend page.
|Access-Control-Max-Age||Specifies how long the results of a preflight request can be cached, in seconds.||600|