Queries the cross-origin resource sharing (CORS) rules of a bucket.
Request structure
GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue
Request headers
This request contains only common request headers. For more information, see Common HTTP headers.
Response headers
This request contains only common response headers. For more information, see Common HTTP headers.
Response parameters
Parameter | Type | Example | Description |
CORSRule | Container | N/A | The container that stores CORS rules. Up to 10 rules can be configured for a bucket. Parent nodes: CORSConfiguration |
AllowedOrigin | String | * | The sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed. Parent nodes: CORSRule |
AllowedMethod | Enumeration (GET, PUT, DELETE, POST, and HEAD) | GET | The cross-origin request methods that are allowed. Parent nodes: CORSRule |
AllowedHeader | String | * | Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS preflight request are allowed. Each header specified by Access-Control-Request-Headers must match the value of an AllowedHeader element. Parent nodes: CORSRule |
ExposeHeader | String | x-oss-test | The response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript. Parent nodes: CORSRule |
MaxAgeSeconds | Integer | 100 | The period of time within which the browser can cache the response for an OPTIONS preflight request to specific resources. A CORS rule can contain only one MaxAgeSeconds parameter. Unit: seconds Parent nodes: CORSRule |
CORSConfiguration | Container | N/A | The container that stores CORS configurations of the bucket. Parent nodes: none |
ResponseVary | Boolean | false | Indicates whether the Vary: Origin header was returned. Default value: false.
Parent nodes: CORSConfiguration |
Examples
Sample request
Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6q**************:77Dv****************
Sample response
HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218
Server: AliyunOSS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>x-oss-test</ExposeHeader>
<MaxAgeSeconds>100</MaxAgeSeconds>
</CORSRule>
<ResponseVary>false</ResponseVary>
</CORSConfiguration>
OSS SDKs
You can use OSS SDKs for the following programming languages to call GetBucketCors:
Error codes
Error code | HTTP status code | Description |
NoSuchBucket | 404 | The error message returned because the specified bucket does not exist. |
NoSuchCORSConfiguration | 404 | The error message returned because the specified CORS rule does not exist. |
AccessDenied | 403 | The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket. |