Configuring Bucket CORS
Functions
Cross-origin resource sharing (CORS) is a standard mechanism proposed by World Wide Web Consortium (W3C) and allows cross-origin requests from clients. For standard web page requests, the scripts and contents at one website cannot interact with those at another website due to the existence of the Same Origin Policy (SOP).
OBS allows buckets to store static web resources. The buckets of OBS can serve as website resources if the buckets are properly used (for details, see Configuring Static Website Hosting for a Bucket). A website in OBS can respond to requests of another websites only after CORS is properly configured.
Typical application scenarios are as follows:
- With the support of CORS, you can use JavaScript and HTML5 to construct web applications and directly access the resources in OBS without the need to use proxy servers for transfer.
- You can enable the dragging function of HTML 5 to directly upload files to the OBS (with the upload progress displayed) or update the OBS contents using web applications.
- Hosts external web pages, style sheets, and HTML 5 applications in different origins. Web fonts or pictures on OBS can be shared by multiple websites.
To perform this operation, you must have the PutBucketCORS permission. By default, only the bucket owner can perform this operation. The bucket owner can grant the permission to other users by configuring the bucket policy or user policy.
Request Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
PUT /?cors HTTP/1.1 Host: bucketname.obs.region.myhuaweicloud.com Content-Length: length Date: date Authorization: authorization Content-SHA256: SHA256 <?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration> <CORSRule> <ID>id</ID> <AllowedMethod>method</AllowedMethod> <AllowedOrigin>origin</AllowedOrigin> <AllowedHeader>header</AllowedHeader> <MaxAgeSeconds>seconds</MaxAgeSeconds> <ExposeHeader>header</ExposeHeader> </CORSRule> </CORSConfiguration> |
Request Parameters
This request contains no parameters.
Request Headers
This request uses common headers and CORS request headers. For details, see Table 3 and Table 1.
Request Elements
In this request body, you must configure the CORS rules for a bucket in XML format. Table 2 describes the specific configuration elements.
Element |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
CORSConfiguration |
Container |
Yes |
Explanation: Root node of CORSRules. Parent: none Restrictions: The maximum size is 64 KB. Value range: None Default value: None |
CORSRule |
Container |
Yes |
Explanation: CORS rules Parent: CORSConfiguration Restrictions: CORSConfiguration can contain a maximum of 100 rules. Value range: None Default value: None |
ID |
String |
No |
Explanation: The ID of a CORS rule. Parent: CORSRule Restrictions: The ID cannot be longer than 255 characters. Value range: A string of 1 to 255 characters. Default value: None |
AllowedMethod |
String |
Yes |
Explanation: The allowed HTTP methods (types of operations on buckets and objects) for a cross-origin request. Parent: CORSRule Restrictions: None Value range: The following HTTP methods are supported:
Default value: None |
AllowedOrigin |
String |
Yes |
Explanation: The origin that is allowed to access the bucket. Restrictions: Only English domain names are supported. Regular expressions are used to match. Each rule allows at most one asterisk (*). For example, https://*.vbs.example.com. Value range: The value must comply with the CORS protocol and contain 0 to 20480 characters. Default value: None |
AllowedHeader |
String |
No |
Explanation: What headers are allowed in a CORS request. If a CORS request contains the Access-Control-Request-Headers header, the headers listed in this header must match the headers in the AllowedHeader element so that the request can be considered valid. The matching is based on regular expressions. Parent: CORSRule Restrictions: At most one asterisk (*) is allowed. Spaces, ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed. Value range: The value must comply with the CORS protocol and contain 0 to 20480 characters. Default value: None |
MaxAgeSeconds |
Integer |
No |
Explanation: How long the response can be cached on a client Parent: CORSRule Restrictions: Each CORSRule can contain only one MaxAgeSeconds. It can be set to a negative value. Value range: An integer greater than or equal to 0, in seconds Default value: 3000 |
ExposeHeader |
String |
No |
Explanation: Specifies additional headers allowed in the response by a CORS rule, which are used to provide extra information to clients. By default, a browser can access only headers Content-Length and Content-Type. If the browser needs to access other headers, you need to configure them in this parameter. Parent: CORSRule Restrictions: Spaces, asterisks (*), ampersands (&), colons (:), less-than signs (<), and full-width characters are not allowed. Value range: The value that complies with the CORS Default value: None |
Response Syntax
1 2 3 4 |
HTTP/1.1 status_code Date: date Content-Length: length |
Response Headers
The response to the request uses common headers. For details, see Table 1.
Response Elements
This response contains no elements.
Error Responses
No special error responses are returned. For details about error responses, see Table 2.
Sample Request
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
PUT /?cors HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: WED, 01 Jul 2015 03:51:52 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:lq7BGoqE9yyhdEwE6KojJ7ysVxU= Content-SHA256: ogX9qClMrVJUBiUSIKDFM0qO41jJM0I5SCN55/OtMyI= Content-Length: 617 <?xml version="1.0" encoding="utf-8"?> <CORSConfiguration> <CORSRule> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>GET</AllowedMethod> <AllowedMethod>HEAD</AllowedMethod> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <AllowedOrigin>www.example.com</AllowedOrigin> <AllowedHeader>AllowedHeader_1</AllowedHeader> <AllowedHeader>AllowedHeader_2</AllowedHeader> <MaxAgeSeconds>100</MaxAgeSeconds> <ExposeHeader>ExposeHeader_1</ExposeHeader> <ExposeHeader>ExposeHeader_2</ExposeHeader> </CORSRule> </CORSConfiguration> |
Sample Response
1 2 3 4 5 6 7 |
HTTP/1.1 100 Continue HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF26000001643627112BD03512FC94A4 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSYi6wLC4bkrvuS9sqnlRjxK2a5Fe3ry Date: WED, 01 Jul 2015 03:51:52 GMT Content-Length: 0 |
Sample Request: Configuring Two CORS Rules for a Bucket
PUT /?cors HTTP/1.1 Authorization: OBS H4IPJX0TQTHTHEBQQCEC:iqSPeUBl66PwXDApxjRKk6hlcN4= User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Date: WED, 01 Jul 2015 02:37:22 GMT Content-Type: application/xml Content-MD5: HwVUAzslyD0rroMp/eIdwQ== <CORSConfiguration> <CORSRule> <AllowedOrigin>http://www.example.com</AllowedOrigin> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> <CORSRule> <AllowedOrigin>*</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> </CORSRule> </CORSConfiguration>
Sample Response: Configuring Two CORS Rules for a Bucket
x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCTPXg+yj9IXC9r6mgmWgfSfqQGvHM3rS x-obs-request-id: 0000018A3A14051AD2886D166EE13D98 Server: OBS Content-Length: 0 Date: WED, 01 Jul 2015 02:37:22 GMT
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot