All Products
Search

This Product

    Object Storage Service:Cross-origin resource sharing (Ruby SDK)

    Document Center

    Object Storage Service:Cross-origin resource sharing (Ruby SDK)

    Last Updated:Nov 29, 2025

    Due to the same-origin policy of browsers, cross-origin requests may be rejected when data is exchanged or resources are shared between different domain names. To resolve the issue, you can configure cross-origin resource sharing (CORS) rules. In the CORS rules, you can specify the domain names from which requests can be sent, the methods that can be used to send cross-origin requests, and the allowed headers.

    Set CORS rules

    The following code sets CORS rules for a specified bucket:

    require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # The China (Hangzhou) region is used as an example for the endpoint. Specify the endpoint based on your region.
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before running this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the bucket name, such as examplebucket.
bucket = client.get_bucket('examplebucket')
# Set the CORS rules.
bucket.cors = [
    Aliyun::OSS::CORSRule.new(
      # Specify the allowed origins for cross-origin requests, such as http://example.com.
      :allowed_origins => ['http://example.com', 'http://example.net'],
      # Specify the allowed HTTP methods for cross-origin requests, such as GET, PUT, DELETE, POST, and HEAD.
      :allowed_methods => ['PUT', 'POST', 'GET'],
      # Specify the allowed headers in OPTIONS preflight requests, such as x-oss-test.
      :allowed_headers => ['x-oss-test'],
      # Specify the response headers that users can access from applications.
      :expose_headers => ['x-oss-test1'],
      # Specify the cache duration for the results of an OPTIONS preflight request for a specific resource. Unit: seconds.
      :max_age_seconds => 100)
]

    Get CORS rules

    The following code retrieves the CORS rules for a bucket:

    require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # The China (Hangzhou) region is used as an example for the endpoint. Specify the endpoint based on your region.
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
    # Obtain access credentials from environment variables. Before running this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the bucket name, such as examplebucket.
bucket = client.get_bucket('examplebucket')
cors = bucket.cors
puts cors.map(&:to_s)

    Delete CORS rules

    The following code deletes all CORS rules for a specified bucket:

    require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # The China (Hangzhou) region is used as an example for the endpoint. Specify the endpoint based on your region.
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # Obtain access credentials from environment variables. Before running this code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  access_key_id: ENV['OSS_ACCESS_KEY_ID'],
  access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)

# Specify the bucket name, such as examplebucket.
bucket = client.get_bucket('examplebucket')
bucket.cors = []

    References

    • For more information about the API operation used to set cross-origin resource sharing (CORS) rules, see PutBucketCors.

    • For more information, see GetBucketCors.

    • For more information about deleting cross-origin resource sharing (CORS) rules, see DeleteBucketCors.