Cross-origin resource sharing (CORS) is a standard cross-origin solution provided by HTML5 to allow web application servers to control cross-origin access. This way, the security of data transmission across origins is ensured.

Configure CORS rules

The following code provides an example on how to configure CORS rules for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Object Storage Service (OSS) is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')
# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
# Configure CORS rules. 
bucket.cors = [
    CORSRule.new(
      # Specify the source from which you want to allow cross-origin requests. Example: http://example.com. 
      :allowed_origins => ['http://example.com', 'http://example.net'],
      # Specify the HTTP methods that can be used to send cross-origin requests, including GET, PUT, DELETE, POST, and HEAD. 
      :allowed_methods => ['PUT', 'POST', 'GET'],
      # Specify the headers that are allowed in OPTIONS preflight requests. Example: x-oss-test. 
      :allowed_headers => ['x-oss-test'],
      # Specify the response headers for allowed access requests from applications. 
      :expose_headers => ['x-oss-test1'],
      # Specify the period of time in which the browser can cache the response to an OPTIONS preflight request for specific resources. Unit: seconds. 
      :max_age_seconds => 100)
]

Query CORS rules

The following code provides an example on how to query CORS rules that are configured for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')

# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
cors = bucket.cors
puts cors.map(&:to_s)

Delete CORS rules

The following code provides an example on how to delete the CORS rules that are configured for a specific bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')

# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
bucket.cors = []

References

  • For more information about the API operation that you can call to configure CORS rules, see PutBucketCors.
  • For more information about the API operation that you can call to query CORS rules, see GetBucketCors.
  • For more information about the API operation that you can call to delete CORS rules, see DeleteBucketCors.