PutBucketCors
Last Updated:2021-12-08
Interface Description
This interface is used to set a cross-origin resource sharing (CORS) rule in the specified bucket. If the original rule exists, it overwrites the original rule.
Permission Description
Only the bucket owner and the user with the FULL_CONTROL permission can set the CORS rules of the bucket. If users have no permission, it returns “403 Forbidden: AccessDenied”.
Request
-
Request syntax
PUT /?cors HTTP/1.1 Host: <BucketName>.bj.bcebos.com x-bce-date: date Content-Length: content_length Content-Type: application/json; charset=utf-8 Authorization: <AuthorizationString> { Cors json file … }
-
Request parameters
None
-
Request header field
No special header parameters.
-
Request element
The CORS JSON file contains the following fields:
Name Description Required? Parent Node corsConfiguration CORS rules container of the bucket Each bucket
can possess up to 100 rules.
If there are multiple configurations, they are executed from top to bottom.Yes No allowedOrigins Container for storing the origin of the cross-origin requests allowed Yes corsConfiguration allowedOrigin Specify the origin of the cross-origin requests allowed, which allows up to
one wildcard*
.
If it is specified as*
, it indicates that the
cross-origin requests from all origins are allowed. In particular, it also supports*
as a suffix to
represent a certain type of website. For example,abc*
means that it supports
the website starting with abc.
Note: allowedOrigin is case sensitive during matching.
Type: stringYes allowedOrigins allowedMethods Container for storing the cross-origin request method allowed Yes corsConfiguration allowedMethod Specify the cross-origin request method allowed. It does not support the wildcard
*
, and it is case sensitive.
Type: enumeration. The value includes “GET, PUT, DELETE,
POST, HEAD”.Yes allowedMethods allowedHeaders Container for storing the allowedHeaders It controls
whether the header specified in Access-Control-
Request-Headers in the OPTIONS prefetch instruction is
allowed.No corsConfiguration allowedHeader It controls whether the header specified in Access-Control
-Request-Headers in the OPTIONS prefetch instruction is allowed.
For each
header specified in Access-Control-Request-Headers, there must be a corresponding
item in allowedHeader. Each header is allowed to use up to one wildcard*
,
which is case insensitive.
Type: String.No allowedHeaders allowedExposeHeaders Container for storing the response headers that are allowed to access from the application by users No corsConfiguration allowedExposeHeader Specify the response header that is allowed to access from the application by users (such as an XMLHttpRequest object of
Javascript). The wildcard
*
is not allowed.
Access-Control
-Expose-Headers are set in the OPTIONS request based on this definition.
Type: String.No allowedExposeHeaders maxAgeSeconds Specify the time for the browser to cache the prefetch request return
results (OPTIONS) of specific resources. The requester does not need to send duplicate
preflight
requests within the cache time expressed in second.
Type:Int64.No corsConfiguration
Response
-
Response header field
None
-
Response element
None
Considerations
- The CORS permission of the bucket is set to “Cross-origin Not Allowed” through this API before the setting of CORS rules.
- One rule file is allowed for each bucket at most. Therefore, the uploaded rule file overwrites the original one.
- The file size of CORS rules is limited to 20KB. Therefore, if the file size exceeds 20KB during the request, it returns “400 Bad Request: EntityTooLarge”. EntityTooLarge)。
Example
-
Request example
PUT /?cors HTTP/1.1 Host: BucketName.bj.bcebos.com x-bce-date: 2016-04-06T08:23:49Z Content-Length: 1024 Content-Type: application/json; charset=utf-8 Authorization: AuthorizationString { "corsConfiguration": [ { "allowedOrigins": [ "http://www.example.com", "www.example2.com" ], "allowedMethods": [ "GET", "HEAD", "DELETE" ], "allowedHeaders": [ "Authorization", "x-bce-test", "x-bce-test2" ], "allowedExposeHeaders": [ "user-custom-expose-header" ], "maxAgeSeconds": 3600 }, { "allowedOrigins": [ "http://www.baidu.com" ], "allowedMethods": [ "GET", "HEAD", "DELETE" ], "allowedHeaders": [ "*", ], "allowedExposeHeaders": [ "user-custom-expose-header" ], "maxAgeSeconds": 1800 } ] }
-
Response example
HTTP/1.1 200 OK x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409 Content-Length: 0 Date: Wed, 06 Apr 2016 06:34:40 GMT Server: BceBos