Cross-origin resource sharing (CORS) allows web applications to access resources from a different domain. OSS provides API operations for CORS to control permissions for cross-domain access.
Set CORS rules
The following code sets the CORS rules for a bucket:
const OSS = require('ali-oss');
const client = new OSS({
// Set yourRegion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourRegion',
// Obtain access credentials from environment variables. Before running this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: 'yourBucket'
});
const rules = [{
// Specify the allowed origins for cross-origin requests. The wildcard character asterisk (*) is supported, which allows all source domains.
allowedOrigin: 'http://example.com',
// Specify the allowed methods for cross-origin requests. Supported methods include GET, PUT, DELETE, POST, and HEAD.
allowedMethod: 'GET',
// Specify the allowed response headers for cross-origin requests. Set this to the wildcard character asterisk (*) unless you have specific requirements.
allowedHeader: '*',
// Specify the response headers that users can access from applications, such as a JavaScript XMLHttpRequest object. The wildcard character asterisk (*) is not allowed.
exposeHeader: 'Content-Length',
// Specify the cache duration, in seconds, for the results of preflight (OPTIONS) requests for a specific resource.
maxAgeSeconds: '30'
},
];
// Set a maximum of 10 CORS rules. If you configure a rule that is the same as an existing one, the existing rule is overwritten.
client.putBucketCORS("yourBucket", rules).then((r) => {
console.log(r);
}); Get CORS rules
The following code retrieves the CORS rules for a bucket:
const OSS = require("ali-oss");
const assert = require("assert");
const client = new OSS({
// Set yourRegion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourRegion',
// Obtain access credentials from environment variables. Before running this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: "yourBucket",
});
// Specify the bucket name.
client.getBucketCORS("yourBucket").then((r) => {
assert.equal(r.res.status, 200);
assert.deepEqual(r.rules, [
{
allowedOrigin: "http://example.com",
allowedMethod: "GET",
allowedHeader: "*",
exposeHeader: "Content-Length",
maxAgeSeconds: "30",
},
]);
});Delete CORS rules
The following code deletes all CORS rules for a bucket:
const OSS = require('ali-oss');
const client = new OSS({
// Set yourRegion to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set Region to oss-cn-hangzhou.
region: 'yourRegion',
// Obtain access credentials from environment variables. Before running this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
accessKeyId: process.env.OSS_ACCESS_KEY_ID,
accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
authorizationV4: true,
// Specify the bucket name.
bucket: "yourBucket",
});
// Specify the bucket name.
client.deleteBucketCORS('yourBucket').then((res) => {
console.log(res);
}).catch(e => {
console.log(e)
})References
For complete sample code for cross-origin resource sharing, see the GitHub examples.
For more information about the API operation to set CORS rules, see PutBucketCors.
For more information about the API operation to retrieve CORS rules, see GetBucketCors.
For more information about the API operation to delete CORS rules, see DeleteBucketCors.