Help Center/ Object Storage Service/ SDK Reference/ Node.js/ Bucket CORS (SDK for Node.js)/ Configuring CORS for a Bucket (SDK for Node.js)
Updated on 2024-11-13 GMT+08:00

Configuring CORS for a Bucket (SDK for Node.js)

If you have any questions during development, post them on the Issues page of GitHub.

Function

Cross-origin resource sharing (CORS) is a mechanism defined by the World Wide Web Consortium (W3C) that allows a web application program in one domain to access resources located in another one. For normal web page requests, website scripts and contents in one domain cannot interact with those in another because of Same Origin Policies (SOPs). OBS supports CORS rules that allow the resources in OBS to be requested by other domains.

This API configures CORS for a bucket. The configured CORS rules follow the principle of new ones overwriting old ones.

Restrictions

Method

ObsClient.setBucketCors(params)

Request Parameters

Table 1 List of request parameters

Parameter

Type

Mandatory (Yes/No)

Description

Bucket

string

Yes

Bucket name

Restrictions:

  • A bucket name must be unique across all accounts and regions.
  • A bucket name:
    • Must be 3 to 63 characters long and start with a digit or letter. Lowercase letters, digits, hyphens (-), and periods (.) are allowed.
    • Cannot be formatted as an IP address.
    • Cannot start or end with a hyphen (-) or period (.).
    • Cannot contain two consecutive periods (..), for example, my..bucket.
    • Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
  • If you repeatedly create buckets with the same name in the same region, no error will be reported, and the bucket attributes comply with those set in the first creation request.

Value range:

The value can contain 3 to 63 characters.

Default value:

None

CorsRules

CorsRule[]

Yes

Explanation:

List of CORS rules of a bucket.

Restrictions:

A list can contain a maximum of 100 CORS rules.

Value range:

See CorsRule.

Default value:

None

Table 2 CorsRule

Parameter

Type

Mandatory (Yes/No)

Description

ID

string

No if used as a request parameter

Explanation:

CORS rule ID.

Restrictions:

None

Value range:

The value must contain 1 to 255 characters.

Default value:

None

AllowedMethod

string[]

Yes if used as a request parameter

Explanation:

The allowed HTTP methods (types of operations on buckets and objects) for a cross-origin request.

Restrictions:

None

Value range:

The following HTTP methods are supported:

  • GET
  • PUT
  • HEAD
  • POST
  • DELETE

Default value:

None

AllowedOrigin

string[]

Yes if used as a request parameter

Explanation:

The origin that is allowed to access the bucket.

Restrictions:

Domain name of the origin. Each origin can contain at most one wildcard character (*). Example: https://*.vbs.example.com

Value range:

None

Default value:

None

AllowedHeader

string[]

No if used as a request parameter

Explanation:

The allowed cross-origin request headers. Only CORS requests matching the allowed headers are valid.

Restrictions:

Each header can contain at most one wildcard character (*). Spaces, ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed.

Value range:

None

Default value:

None

MaxAgeSeconds

number

No if used as a request parameter

Explanation:

How long the response can be cached on a client

Restrictions:

Each CORS rule can contain at most one MaxAgeSeconds.

Value range:

0 to (231 – 1), in seconds

Default value:

100

ExposeHeader

string[]

No if used as a request parameter

Explanation:

It specifies additional headers a CORS rule allows in a response, which can be used to provide extra information to clients. By default, a browser can access only headers Content-Length and Content-Type. If the browser needs to access other headers, you need to configure them as additional headers.

Restrictions:

Spaces, asterisks (*), ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed.

Value range:

None

Default value:

None

Responses

Table 3 Responses

Type

Description

Table 4

NOTE:

This API returns a Promise response, which requires the Promise or async/await syntax.

Explanation:

Returned results. For details, see Table 4.

Table 4 Response

Parameter

Type

Description

CommonMsg

ICommonMsg

Explanation:

Common information generated after an API call is complete, including the HTTP status code and error code. For details, see Table 5.

InterfaceResult

Table 6

Explanation:

Results outputted for a successful call. For details, see Table 6.

Restrictions:

This parameter is not included if the value of Status is greater than 300.

Table 5 ICommonMsg

Parameter

Type

Description

Status

number

Explanation:

HTTP status code returned by the OBS server.

Value range:

A status code is a group of digits indicating the status of a response. It ranges from 2xx (indicating successes) to 4xx or 5xx (indicating errors). For details, see Status Codes.

Code

string

Explanation:

Error code returned by the OBS server.

Message

string

Explanation:

Error description returned by the OBS server.

HostId

string

Explanation:

Request server ID returned by the OBS server.

RequestId

string

Explanation:

Request ID returned by the OBS server.

Id2

string

Explanation:

Request ID2 returned by the OBS server.

Indicator

string

Explanation:

Error code details returned by the OBS server.

Table 6 BaseResponseOutput

Parameter

Type

Description

RequestId

string

Explanation:

Request ID returned by the OBS server

Code Examples

This example configures CORS for bucket examplebucket.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
// Import the OBS library.
// Use npm to install the client.
const ObsClient = require("esdk-obs-nodejs");
// Use the source code to install the client.
// var ObsClient = require('./lib/obs');

// Create an instance of ObsClient.
const obsClient = new ObsClient({
  // Obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways. Using hard coding may result in leakage.
  // Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
  access_key_id: process.env.ACCESS_KEY_ID,
  secret_access_key: process.env.SECRET_ACCESS_KEY,
  // (Optional) If you use a temporary AK/SK pair and a security token to access OBS, you are advised not to use hard coding, which may result in information leakage. You can obtain an AK/SK pair using environment variables or import an AK/SK pair in other ways.
  // security_token: process.env.SECURITY_TOKEN,
  // Enter the endpoint corresponding to the region where the bucket is located. CN-Hong Kong is used here in this example. Replace it with the one currently in use.
  server: "https://obs.ap-southeast-1.myhuaweicloud.com"
});

async function setBucketCors() {
  try {
    const params = {
      // Specify the bucket name.
      Bucket: "examplebucket",
      // Specify CORS rules.
      CorsRules: [
        {
          // Specify the allowed request methods, which can be GET, PUT, DELETE, POST, or HEAD.
          AllowedMethod: ['GET', 'HEAD', 'PUT'],
          // Specify the allowed request origins.
          AllowedOrigin: ['http://www.a.com', 'http://www.b.com'],
          // Specify whether headers specified in Access-Control-Request-Headers in an OPTIONS preflight request can be used.
          AllowedHeader: ['x-obs-header'],
          // Specify what headers users can access from application programs.
          ExposeHeader: ['x-obs-expose-header'],
          // Specify the browser's cache time of the returned results of OPTIONS preflight requests for specific resources, in seconds.
          MaxAgeSeconds: 10
        }
      ]
    };
    // Configure CORS settings for the bucket.
    const result = await obsClient.setBucketCors(params);
    if (result.CommonMsg.Status <= 300) {
      console.log("Set bucket(%s) CORS configuration successful!", params.Bucket);
      console.log("RequestId: %s", result.CommonMsg.RequestId);
      return;
    };
    console.log("An ObsError was found, which means your request sent to OBS was rejected with an error response.");
    console.log("Status: %d", result.CommonMsg.Status);
    console.log("Code: %s", result.CommonMsg.Code);
    console.log("Message: %s", result.CommonMsg.Message);
    console.log("RequestId: %s", result.CommonMsg.RequestId);
  } catch (error) {
    console.log("An Exception was found, which means the client encountered an internal problem when attempting to communicate with OBS, for example, the client was unable to access the network.");
    console.log(error);
  };
};

setBucketCors();