Configuring CORS for a Bucket (SDK for Node.js)
If you have any questions during development, post them on the Issues page of GitHub.
Function
Cross-origin resource sharing (CORS) is a mechanism defined by the World Wide Web Consortium (W3C) that allows a web application program in one domain to access resources located in another one. For normal web page requests, website scripts and contents in one domain cannot interact with those in another because of Same Origin Policies (SOPs). OBS supports CORS rules that allow the resources in OBS to be requested by other domains.
This API configures CORS for a bucket. The configured CORS rules follow the principle of new ones overwriting old ones.
Restrictions
- To configure CORS for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketCORS in IAM or PutBucketCORS in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Method
ObsClient.setBucketCors(params)
Request Parameters
|
Parameter |
Type |
Mandatory (Yes/No) |
Description |
|---|---|---|---|
|
Bucket |
string |
Yes |
Bucket name Restrictions:
Value range: The value can contain 3 to 63 characters. Default value: None |
|
CorsRules |
CorsRule[] |
Yes |
Explanation: List of CORS rules of a bucket. Restrictions: A list can contain a maximum of 100 CORS rules. Value range: See CorsRule. Default value: None |
|
Parameter |
Type |
Mandatory (Yes/No) |
Description |
|---|---|---|---|
|
ID |
string |
No if used as a request parameter |
Explanation: CORS rule ID. Restrictions: None Value range: The value must contain 1 to 255 characters. Default value: None |
|
AllowedMethod |
string[] |
Yes if used as a request parameter |
Explanation: The allowed HTTP methods (types of operations on buckets and objects) for a cross-origin request. Restrictions: None Value range: The following HTTP methods are supported:
Default value: None |
|
AllowedOrigin |
string[] |
Yes if used as a request parameter |
Explanation: The origin that is allowed to access the bucket. Restrictions: Domain name of the origin. Each origin can contain at most one wildcard character (*). Example: https://*.vbs.example.com Value range: None Default value: None |
|
AllowedHeader |
string[] |
No if used as a request parameter |
Explanation: The allowed cross-origin request headers. Only CORS requests matching the allowed headers are valid. Restrictions: Each header can contain at most one wildcard character (*). Spaces, ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed. Value range: None Default value: None |
|
MaxAgeSeconds |
number |
No if used as a request parameter |
Explanation: How long the response can be cached on a client Restrictions: Each CORS rule can contain at most one MaxAgeSeconds. Value range: 0 to (231 – 1), in seconds Default value: 100 |
|
ExposeHeader |
string[] |
No if used as a request parameter |
Explanation: It specifies additional headers a CORS rule allows in a response, which can be used to provide extra information to clients. By default, a browser can access only headers Content-Length and Content-Type. If the browser needs to access other headers, you need to configure them as additional headers. Restrictions: Spaces, asterisks (*), ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed. Value range: None Default value: None |
Responses
|
Type |
Description |
|---|---|
|
NOTE:
This API returns a Promise response, which requires the Promise or async/await syntax. |
Explanation: Returned results. For details, see Table 4. |
|
Parameter |
Type |
Description |
|---|---|---|
|
CommonMsg |
Explanation: Common information generated after an API call is complete, including the HTTP status code and error code. For details, see Table 5. |
|
|
InterfaceResult |
Explanation: Results outputted for a successful call. For details, see Table 6. Restrictions: This parameter is not included if the value of Status is greater than 300. |
|
Parameter |
Type |
Description |
|
Status |
number |
Explanation: HTTP status code returned by the OBS server. Value range: A status code is a group of digits indicating the status of a response. It ranges from 2xx (indicating successes) to 4xx or 5xx (indicating errors). For details, see Status Codes. |
|
Code |
string |
Explanation: Error code returned by the OBS server. |
|
Message |
string |
Explanation: Error description returned by the OBS server. |
|
HostId |
string |
Explanation: Request server ID returned by the OBS server. |
|
RequestId |
string |
Explanation: Request ID returned by the OBS server. |
|
Id2 |
string |
Explanation: Request ID2 returned by the OBS server. |
|
Indicator |
string |
Explanation: Error code details returned by the OBS server. |
Code Examples
This example configures CORS for bucket examplebucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
// Import the OBS library. // Use npm to install the client. const ObsClient = require("esdk-obs-nodejs"); // Use the source code to install the client. // var ObsClient = require('./lib/obs'); // Create an instance of ObsClient. const obsClient = new ObsClient({ // Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage. // Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/eu/usermanual-ca/ca_01_0003.html. access_key_id: process.env.ACCESS_KEY_ID, secret_access_key: process.env.SECRET_ACCESS_KEY, // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. // security_token: process.env.SECURITY_TOKEN, // Enter the endpoint corresponding to the region where the bucket is located. EU-Dublin is used here in this example. Replace it with the one currently in use. server: "https://obs.eu-west-101.myhuaweicloud.eu" }); async function setBucketCors() { try { const params = { // Specify the bucket name. Bucket: "examplebucket", // Specify CORS rules. CorsRules: [ { // Specify the allowed request methods, which can be GET, PUT, DELETE, POST, or HEAD. AllowedMethod: ['GET', 'HEAD', 'PUT'], // Specify the allowed request origins. AllowedOrigin: ['http://www.a.com', 'http://www.b.com'], // Specify whether headers specified in Access-Control-Request-Headers in an OPTIONS preflight request can be used. AllowedHeader: ['x-obs-header'], // Specify what headers users can access from application programs. ExposeHeader: ['x-obs-expose-header'], // Specify the browser's cache time of the returned results of OPTIONS preflight requests for specific resources, in seconds. MaxAgeSeconds: 10 } ] }; // Configure CORS settings for the bucket. const result = await obsClient.setBucketCors(params); if (result.CommonMsg.Status <= 300) { console.log("Set bucket(%s) CORS configuration successful!", params.Bucket); console.log("RequestId: %s", result.CommonMsg.RequestId); return; }; console.log("An ObsError was found, which means your request sent to OBS was rejected with an error response."); console.log("Status: %d", result.CommonMsg.Status); console.log("Code: %s", result.CommonMsg.Code); console.log("Message: %s", result.CommonMsg.Message); console.log("RequestId: %s", result.CommonMsg.RequestId); } catch (error) { console.log("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network."); console.log(error); }; }; setBucketCors(); |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
