Queries the cross-origin resource sharing (CORS) rules of a bucket.
Request structure
GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue
Request headers
All headers in a DescribeRegions request are common request headers. For more information, see Common request headers.
Response headers
All headers in the response to a DescribeRegions request are common response headers. For more information, see Common response headers.
Response parameters
Parameter | Type | Example | Description |
CORSRule | Container | N/A | The container that stores CORS rules. Up to 10 rules can be configured for a bucket. Parent nodes: CORSConfiguration |
AllowedOrigin | String | * | The sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed. Parent nodes: CORSRule |
AllowedMethod | Enumeration (GET, PUT, DELETE, POST, and HEAD) | GET | The cross-origin request methods that are allowed. Parent nodes: CORSRule |
AllowedHeader | String | * | Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS preflight request are allowed. Each header specified by Access-Control-Request-Headers must match the value of an AllowedHeader element. Parent nodes: CORSRule |
ExposeHeader | String | x-oss-test | The response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript. Parent nodes: CORSRule |
MaxAgeSeconds | Integer | 100 | The period of time within which the browser can cache the response for an OPTIONS preflight request to specific resources. A CORS rule can contain only one MaxAgeSeconds parameter. Unit: seconds Parent nodes: CORSRule |
CORSConfiguration | Container | N/A | The container that stores CORS configurations of the bucket. Parent nodes: none |
ResponseVary | Boolean | false | Indicates whether the Vary: Origin header was returned. Default value: false.
Parent nodes: CORSConfiguration |
Examples
Sample request
Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6q**************:77Dv****************
Sample response
HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218
Server: AliyunOSS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>x-oss-test</ExposeHeader>
<MaxAgeSeconds>100</MaxAgeSeconds>
</CORSRule>
<ResponseVary>false</ResponseVary>
</CORSConfiguration>
OSS SDKs
You can use OSS SDKs for the following programming languages to call GetBucketCors:
Error codes
Error code | HTTP status code | Description |
NoSuchBucket | 404 | The error message returned because the specified bucket does not exist. |
NoSuchCORSConfiguration | 404 | The error message returned because the specified CORS rule does not exist. |
AccessDenied | 403 | The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket. |