Sources |
Yes |
The sources from which you want to allow cross-origin requests. When you configure
the sources, take note of the following rules:
- You can configure multiple rules for sources. Separate multiple rules with line feeds.
- The domain names must include the protocol name, such as HTTP or HTTPS.
- You can use an asterisk (*) as the wildcard character. Each source can contain up
to one asterisk (*).
- If a domain name does not use the default port, the domain name must contain the port
number. Example: https://www.example.com:8080.
The following examples show how to configure domain names:
- To match a specified domain name, enter the full domain name. Example: https://www.example.com.
- To match second-level domain names, use an asterisk (*) as the wildcard character
in the domain name. Example: https://*.example.com.
- To match all domain names, enter only an asterisk (*) as the wildcard character.
|
Allowed Methods |
Yes |
The methods that cross-origin requests are allowed to use. |
Allowed Headers |
No |
The response headers for the allowed cross-origin requests. When you configure the
headers, take note of the following rules:
- This parameter is in the key:value format and not case-sensitive. Example: content-type:text/plain.
- You can configure multiple response headers. Separate multiple response headers with
line feeds.
- Each rule can contain up to one asterisk (*) as the wildcard character. Set this parameter
to an asterisk (*) if you do not have special requirements.
|
Exposed Headers |
No |
The response headers for allowed access requests from applications, such as an XMLHttpRequest
object in JavaScript. Exposed headers cannot contain asterisks (*).
We recommend that you set the following common exposed headers:
- x-oss-request-id
If you encounter an issue, contact technical support and provide the request ID to
locate and resolve the issue.
- ETag
You can use the ETag value of an object to check whether the object content is modified.
|
Cache Timeout (Seconds) |
No |
The period of time in which the browser can cache the response to an OPTIONS preflight
request for specific resources. Unit: seconds.
|
Vary: Origin |
No |
Specifies whether to return the Vary: Origin header.
If both CORS and non-CORS requests are sent to OSS, or if the Origin header has multiple
possible values, we recommend that you select the Vary: Origin header to avoid errors in the local cache.
Notice If Vary: Origin is selected, visits through the browser or the CDN back-to-origin requests may increase.
|