All Products
Search
Document Center

Object Storage Service:CORS

Last Updated:Nov 14, 2024

Cross-origin resource sharing (CORS) allows web applications to access resources that belong to different origins. Object Storage Service (OSS) provides CORS API operations to control cross-origin access.

Configure CORS rules

The following sample code provides an example on how to configure CORS rules for a specified bucket:

const OSS = require('ali-oss');

const client = new OSS({
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourRegion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the name of the bucket. 
  bucket: 'yourBucket'
});

const rules = [{
        // Specify the origin of allowed cross-origin requests. You can set the origin to an asterisk (*) to allow requests from all regions. 
        allowedOrigin: 'http://example.com',
        // Specify the methods that can be used to send cross-origin requests, including GET, PUT, DELETE, POST, and HEAD. 
        allowedMethod: 'GET',
        // Specify the response headers that allow cross-origin requests. We recommend that you use an asterisk (*) as the value, unless otherwise specified. 
        allowedHeader: '*',
        // Specify the response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript. An asterisk (*) is not supported. 
        exposeHeader: 'Content-Length',
        // Specify the period of time in which the browser can cache the response to an OPTIONS preflight request for specific resources. Unit: seconds. 
        maxAgeSeconds: '30'
  },
];
// You can configure up to 10 CORS rules. If a new rule that is the same as an existing rule is configured, the existing rule is overwritten. 
client.putBucketCORS("yourBucket", rules).then((r) => {
  console.log(r);
});           

Query CORS rules

The following sample code provides an example on how to query the CORS rules of a specified bucket:

const OSS = require("ali-oss");
const assert = require("assert");

const client = new OSS({
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourRegion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the name of the bucket. 
  bucket: "yourBucket",
});

// Specify the name of the bucket. 
client.getBucketCORS("yourBucket").then((r) => {
  assert.equal(r.res.status, 200);
  assert.deepEqual(r.rules, [
    {
      allowedOrigin: "http://example.com",
      allowedMethod: "GET",
      allowedHeader: "*",
      exposeHeader: "Content-Length",
      maxAgeSeconds: "30",
    },
  ]);
});

Delete CORS rules

The following sample code provides an example on how to delete the CORS rules configured for a specified bucket:

const OSS = require('ali-oss');

const client = new OSS({
  // Specify the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the region to oss-cn-hangzhou. 
  region: 'yourRegion',
  // Obtain access credentials from environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET. 
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the name of the bucket. 
  bucket: "yourBucket",
});

// Specify the name of the bucket. 
client.deleteBucketCORS('yourBucket').then((res) => {
  console.log(res);
}).catch(e => {
  console.log(e)
})

References

  • For the complete sample code that is used to manage CORS rules, visit GitHub.

  • For more information about the API operation that you can call to configure CORS rules, see PutBucketCors.

  • For more information about the API operation that you can call to query CORS rules, see GetBucketCors.

  • For more information about the API operation that you can call to delete CORS rules, see DeleteBucketCors.