All Products
Search

This Product

    Object Storage Service:GetBucketCors

    Document Center

    Object Storage Service:GetBucketCors

    Last Updated:Apr 29, 2024

    Queries the cross-origin resource sharing (CORS) rules of a bucket.

    Request structure

    GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

    Request headers

    This request contains only common request headers. For more information, see Common HTTP headers.

    Response headers

    This request contains only common response headers. For more information, see Common HTTP headers.

    Response parameters

    Parameter

    Type

    Example

    Description

    CORSRule

    Container

    N/A

    The container that stores CORS rules. Up to 10 rules can be configured for a bucket.

    Parent nodes: CORSConfiguration

    AllowedOrigin

    String

    *

    The sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed.

    Parent nodes: CORSRule

    AllowedMethod

    Enumeration (GET, PUT, DELETE, POST, and HEAD)

    GET

    The cross-origin request methods that are allowed.

    Parent nodes: CORSRule

    AllowedHeader

    String

    *

    Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS preflight request are allowed. Each header specified by Access-Control-Request-Headers must match the value of an AllowedHeader element.

    Parent nodes: CORSRule

    ExposeHeader

    String

    x-oss-test

    The response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript.

    Parent nodes: CORSRule

    MaxAgeSeconds

    Integer

    100

    The period of time within which the browser can cache the response for an OPTIONS preflight request to specific resources. A CORS rule can contain only one MaxAgeSeconds parameter.

    Unit: seconds

    Parent nodes: CORSRule

    CORSConfiguration

    Container

    N/A

    The container that stores CORS configurations of the bucket.

    Parent nodes: none

    ResponseVary

    Boolean

    false

    Indicates whether the Vary: Origin header was returned. Default value: false.

    • true: The Vary: Origin header is returned regardless whether the request is a cross-origin request or whether the cross-origin request succeeds.

    • false: The Vary: Origin header is not returned.

    Parent nodes: CORSConfiguration

    Examples

    Sample request

    Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6q**************:77Dv****************

    Sample response

    HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218  
Server: AliyunOSS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
      <MaxAgeSeconds>100</MaxAgeSeconds>
    </CORSRule>
    <ResponseVary>false</ResponseVary>
</CORSConfiguration>

    OSS SDKs

    You can use OSS SDKs for the following programming languages to call GetBucketCors:

    Error codes

    Error code

    HTTP status code

    Description

    NoSuchBucket

    404

    The error message returned because the specified bucket does not exist.

    NoSuchCORSConfiguration

    404

    The error message returned because the specified CORS rule does not exist.

    AccessDenied

    403

    The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket.