All Products
Search
Document Center

Object Storage Service:GetBucketCors

Last Updated:Apr 29, 2024

Queries the cross-origin resource sharing (CORS) rules of a bucket.

Request structure

GET /? cors HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Date: GMT Date
Authorization: SignatureValue

Request headers

This request contains only common request headers. For more information, see Common HTTP headers.

Response headers

This request contains only common response headers. For more information, see Common HTTP headers.

Response parameters

Parameter

Type

Example

Description

CORSRule

Container

N/A

The container that stores CORS rules. Up to 10 rules can be configured for a bucket.

Parent nodes: CORSConfiguration

AllowedOrigin

String

*

The sources from which cross-origin requests are allowed. If AllowedOrigin is set to an asterisk (*), cross-origin requests from all sources are allowed.

Parent nodes: CORSRule

AllowedMethod

Enumeration (GET, PUT, DELETE, POST, and HEAD)

GET

The cross-origin request methods that are allowed.

Parent nodes: CORSRule

AllowedHeader

String

*

Indicates whether the headers specified by Access-Control-Request-Headers in the OPTIONS preflight request are allowed. Each header specified by Access-Control-Request-Headers must match the value of an AllowedHeader element.

Parent nodes: CORSRule

ExposeHeader

String

x-oss-test

The response headers for allowed access requests from applications, such as an XMLHttpRequest object in JavaScript.

Parent nodes: CORSRule

MaxAgeSeconds

Integer

100

The period of time within which the browser can cache the response for an OPTIONS preflight request to specific resources. A CORS rule can contain only one MaxAgeSeconds parameter.

Unit: seconds

Parent nodes: CORSRule

CORSConfiguration

Container

N/A

The container that stores CORS configurations of the bucket.

Parent nodes: none

ResponseVary

Boolean

false

Indicates whether the Vary: Origin header was returned. Default value: false.

  • true: The Vary: Origin header is returned regardless whether the request is a cross-origin request or whether the cross-origin request succeeds.

  • false: The Vary: Origin header is not returned.

Parent nodes: CORSConfiguration

Examples

Sample request

Get /? cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Thu, 13 Sep 2012 07:51:28 GMT
Authorization: OSS qn6q**************:77Dv****************

Sample response

HTTP/1.1 200
x-oss-request-id: 50519080C4689A033D00****
Date: Thu, 13 Sep 2012 07:51:28 GMT
Connection: keep-alive
Content-Length: 218  
Server: AliyunOSS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>*</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
      <MaxAgeSeconds>100</MaxAgeSeconds>
    </CORSRule>
    <ResponseVary>false</ResponseVary>
</CORSConfiguration>

OSS SDKs

You can use OSS SDKs for the following programming languages to call GetBucketCors:

Error codes

Error code

HTTP status code

Description

NoSuchBucket

404

The error message returned because the specified bucket does not exist.

NoSuchCORSConfiguration

404

The error message returned because the specified CORS rule does not exist.

AccessDenied

403

The error message returned because you are not authorized to perform this operation. Only the owner of a bucket can query the CORS rules configured for the bucket.