PUT Bucket CORS

CORS is a standard mechanism proposed by the World Wide Web Consortium (W3C) that allows cross-origin requests from clients. For standard web page requests, the scripts and contents at one website cannot interact with those at another website due to the existence of the Same Origin Policy (SOP).

OBS allows buckets to store static web resources. The buckets of OBS can serve as website resources if the buckets are properly used (for details, see PUT Bucket Website). A website in OBS can respond to requests of another websites only after CORS is properly configured.

Typical application scenarios are as follows:

  • With the support of CORS, you can use JavaScript and HTML 5 to construct web applications and directly access the resources in OBS without the need to use proxy servers for transfer.
  • You can enable the dragging function of HTML 5 to directly upload files to OBS (with the upload progress displayed) or update OBS contents using web applications.
  • You can host external web pages, style sheets, and HTML 5 applications in different domains. Web fonts or pictures on OBS can be shared by multiple websites.

Only users granted the s3:PutBucketCORS permission can perform this operation. By default, only the bucket owner can perform this operation. The bucket owner can allow other users to perform this operation by granting them the permission.

Request Syntax

PUT /?cors HTTP/1.1
Host: bucketname.obs.cn-north-1.myhwclouds.com
Content-Length: length
Date: date
Authorization: authorization
Content-MD5: MD5

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
        <ID>id</ID>
        <AllowedMethod>method</AllowedMethod>
        <AllowedOrigin>origin</AllowedOrigin>
        <AllowedHeader>header</AllowedHeader>
        <MaxAgeSeconds>seconds</MaxAgeSeconds>
        <ExposeHeader>header</ExposeHeader>
    </CORSRule>
</CORSConfiguration>

Request Parameters

This request contains no parameter.

Request Headers

Table 1 lists the request header.

Table 1 CORS request header

Header

Description

Required or Optional

Content-MD5

Indicates the base64-encoded 128-bit MD5 digest of the message according to RFC 1864.

Type: string

Example: n58IG6hfM7vqI4K0vnWpog==

Required

Request Elements

In this request, you must configure the CORS of buckets in the request body. The configuration information is uploaded in XML format. Table 2 lists the CORS configuration elements.

Table 2 CORS configuration elements

Element

Description

Required or Optional

CORSConfiguration

Indicates the root element of CORSRules. The maximum size is 64 KB.

Type: container

Ancestor: none

Required

CORSRule

Indicates a CORS rule. CORSConfiguration can contain a maximum of 100 rules.

Type: container

Ancestor: CORSConfiguration

Required

ID

Indicates the unique identifier of a rule. The value can contain a maximum of 255 characters.

Type: string

Ancestor: Rule

Optional

AllowedMethod

Indicates a method that is allowed by a CORS rule.

Type: string

Valid values: GET, PUT, HEAD, POST, and DELETE

Ancestor: Rule

Required

AllowedOrigin

Indicates an origin (character string indicating a domain name) that is allowed by a CORS rule. Each AllowedOrigin can contain at most one wildcard (*).

Type: string

Ancestor: Rule

Required

AllowedHeader

Indicates which headers are allowed in a PUT Bucket CORS request via the Access-Control-Request-Headers header. If a request contains Access-Control-Request-Headers, only a CORS request that matches the configuration of AllowedHeader is considered as a valid request. Each AllowedHeader can contain at most one wildcard (*) and cannot contain spaces.

Type: string

Ancestor: Rule

Optional

MaxAgeSeconds

Indicates the response time of CORS that can be cached by a client. It is expressed in seconds.

Each CORSRule can contain at most one MaxAgeSeconds. MaxAgeSeconds can be set to a negative value.

Type: integer

Ancestor: Rule

Optional

ExposeHeader

Indicates a supplemented header in CORS responses. The header provides additional information for clients. It cannot contain spaces.

Type: string

Ancestor: Rule

Optional

Response Syntax

HTTP/1.1 status_code

Date: date
Content-Length: length

Response Headers

This response uses common headers. For details, see Common Response Headers.

Response Elements

This response contains no element.

Error Responses

No special error responses are returned. For details about error responses, see Table 1.

Registration