Cross-origin resource sharing (CORS) is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access. This way, the security of data transmission across origins is ensured.
Configure CORS rules
The following code provides an example on how to configure CORS rules for a specific bucket:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Object Storage Service (OSS) is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console.
access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
# Specify the bucket name. Example: examplebucket.
bucket = client.get_bucket('examplebucket')
# Configure CORS rules.
bucket.cors = [
CORSRule.new(
# Specify the source from which you want to allow cross-origin requests. Example: http://example.com.
:allowed_origins => ['http://example.com', 'http://example.net'],
# Specify the HTTP methods that can be used to send cross-origin requests, including GET, PUT, DELETE, POST, and HEAD.
:allowed_methods => ['PUT', 'POST', 'GET'],
# Specify the headers that are allowed in OPTIONS preflight requests. Example: x-oss-test.
:allowed_headers => ['x-oss-test'],
# Specify the response headers for allowed access requests from applications.
:expose_headers => ['x-oss-test1'],
# Specify the period of time in which the browser can cache the response to an OPTIONS preflight request for specific resources. Unit: seconds.
:max_age_seconds => 100)
]
Query CORS rules
The following code provides an example on how to query CORS rules that are configured for a specific bucket:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console.
access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
# Specify the bucket name. Example: examplebucket.
bucket = client.get_bucket('examplebucket')
cors = bucket.cors
puts cors.map(&:to_s)
Delete CORS rules
The following code provides an example on how to delete the CORS rules that are configured for a specific bucket:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console.
access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
# Specify the bucket name. Example: examplebucket.
bucket = client.get_bucket('examplebucket')
bucket.cors = []
References
- For more information about the API operation that you can call to configure CORS rules, see PutBucketCors.
- For more information about the API operation that you can call to query CORS rules, see GetBucketCors.
- For more information about the API operation that you can call to delete CORS rules, see DeleteBucketCors.