All Products
Search

This Product

    Object Storage Service:cors-options

    Document Center

    Object Storage Service:cors-options

    Last Updated:Aug 15, 2024

    Cross-origin resource sharing (CORS) is a standard cross-origin solution that is provided by HTML5 to allow web application servers to control cross-origin access. This ensures the security of data transmission across origins. You can run the cors-options command to send HTTP OPTIONS requests to Object Storage Service (OSS) and check whether specific cross-origin requests are allowed.

    Note

    • For ossutil 1.6.16 and later, you can directly use ossutil as the binary name in the command line. You do not need to update the binary name based on the operating system. For ossutil earlier than 1.6.16, you need to update the binary name based on the operating system. For more information, see ossutil command reference.

    • For more information about CORS, see cors.

    Command syntax

    ossutil cors-options oss://bucketname/[objectname]
[--acr-method <value>]
[--origin <value>]
[--acr-headers <value>]

    The following table describes the preceding parameters and options.

    Parameter/Option

    Description

    bucketname

    The name of the bucket to access.

    objectname

    The name of the object to access.

    --acr-method

    The method that is allowed to use in the request. This parameter corresponds to Access-Control-Request-Method. Valid values are GET, PUT, POST, DELETE, and HEAD.

    --origin

    The origin from which you want to allow cross-origin requests. Example: http://www.aliyun.com.

    --acr-headers

    The headers that can be used in the request except for simple headers. This parameter corresponds to Access-Control-Request-Headers. You can specify multiple headers in a request. Separate multiple headers with commas (,). Example: --acr-headers "header1,header2,header3".

    Examples

    Run the following command to check whether the examplebucket bucket allows cross-origin requests that use PUT from http://www.aliyun.com: 

    ossutil cors-options --acr-method  put --origin "http://www.aliyun.com" oss://examplebucket

    A similar output is displayed if examplebucket allows cross-origin requests. 

    Access-Control-Allow-Methods: GET, POST, PUT
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 0

0.079520(s) elapsed

    A similar output is displayed if examplebucket denies cross-origin requests. 

    Error: oss: service returned error: StatusCode=403, ErrorCode=AccessForbidden, ErrorMessage="CORSResponse: This CORS request is not allowed. This is usually
 because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Requet-Headers are not whitelisted by the resource's CORS
 spec.", RequestId=60F7F55F553DA2363138****

    Common options

    For example, you can run the following command to synchronize the srcfolder directory from the examplebucket bucket to the examplefolder directory in the testbucket bucket. The examplebucket bucket is located in the China (Shanghai) region and is owned by another Alibaba Cloud account.

    ./ossutil64 sync oss://examplebucket/srcfolder/  oss://testbucket/examplefolder/ -e oss-cn-shanghai.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA****  -k 67DLVBkH7EamOjy2W5RVAHUY9H****

    For example, you can run the following command to check whether a bucket named testbucket allows cross-origin requests that use PUT from http://www.alibabacloud.com. This bucket is located in the China (Hangzhou) region and owned by another Alibaba Cloud account.

    ossutil cors-options --acr-method  put --origin "http://www.alibabacloud.com" oss:/testbucket -e oss-cn-hangzhou.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA****  -k 67DLVBkH7EamOjy2W5RVAHUY9H****

    For more information about common options, see Common options.