Interface Description

This interface is used to set a cross-origin resource sharing (CORS) rule in the specified bucket. If the original rule exists, it overwrites the original rule.

Permission Description

Only the bucket owner and the user with the FULL_CONTROL permission can set the CORS rules of the bucket. If users have no permission, it returns “403 Forbidden: AccessDenied”.

Request

• Request syntax

     PUT /?cors HTTP/1.1
     Host: <BucketName>.bj.bcebos.com
     x-bce-date: date
     Content-Length: content_length
     Content-Type: application/json; charset=utf-8
     Authorization: <AuthorizationString>
  
     {
         Cors json file …
     }

• Request parameters

  None

• Request header field

  No special header parameters.

• Request element

  The CORS JSON file contains the following fields:

  Name	Description	Required?	Parent Node
  corsConfiguration	CORS rules container of the bucket Each bucket can possess up to 100 rules. If there are multiple configurations, they are executed from top to bottom.	Yes	No
  allowedOrigins	Container for storing the origin of the cross-origin requests allowed	Yes	corsConfiguration
  allowedOrigin	Specify the origin of the cross-origin requests allowed, which allows up to one wildcard *. If it is specified as *, it indicates that the cross-origin requests from all origins are allowed. In particular, it also supports * as a suffix to represent a certain type of website. For example, abc* means that it supports the website starting with abc. Note: allowedOrigin is case sensitive during matching. Type: string	Yes	allowedOrigins
  allowedMethods	Container for storing the cross-origin request method allowed	Yes	corsConfiguration
  allowedMethod	Specify the cross-origin request method allowed. It does not support the wildcard *, and it is case sensitive. Type: enumeration. The value includes “GET, PUT, DELETE, POST, HEAD”.	Yes	allowedMethods
  allowedHeaders	Container for storing the allowedHeaders It controls whether the header specified in Access-Control- Request-Headers in the OPTIONS prefetch instruction is allowed.	No	corsConfiguration
  allowedHeader	It controls whether the header specified in Access-Control -Request-Headers in the OPTIONS prefetch instruction is allowed. For each header specified in Access-Control-Request-Headers, there must be a corresponding item in allowedHeader. Each header is allowed to use up to one wildcard *, which is case insensitive. Type: String.	No	allowedHeaders
  allowedExposeHeaders	Container for storing the response headers that are allowed to access from the application by users	No	corsConfiguration
  allowedExposeHeader	Specify the response header that is allowed to access from the application by users (such as an XMLHttpRequest object of Javascript). The wildcard * is not allowed. Access-Control -Expose-Headers are set in the OPTIONS request based on this definition. Type: String.	No	allowedExposeHeaders
  maxAgeSeconds	Specify the time for the browser to cache the prefetch request return results (OPTIONS) of specific resources. The requester does not need to send duplicate preflight requests within the cache time expressed in second. Type:Int64.	No	corsConfiguration

Response

• Response header field

  None

• Response element

  None

  Considerations

  • The CORS permission of the bucket is set to “Cross-origin Not Allowed” through this API before the setting of CORS rules.
  • One rule file is allowed for each bucket at most. Therefore, the uploaded rule file overwrites the original one.
  • The file size of CORS rules is limited to 20KB. Therefore, if the file size exceeds 20KB during the request, it returns “400 Bad Request: EntityTooLarge”. EntityTooLarge）。

Example

• Request example

   PUT /?cors HTTP/1.1 
   Host: BucketName.bj.bcebos.com
   x-bce-date: 2016-04-06T08:23:49Z 
   Content-Length: 1024
   Content-Type: application/json; charset=utf-8
   Authorization: AuthorizationString
  
   {
       "corsConfiguration": [
               {
               "allowedOrigins": [
                   "http://www.example.com",
                   "www.example2.com"
               ],
               "allowedMethods": [
                       "GET",
                       "HEAD",
                       "DELETE"
                   ],
                "allowedHeaders": [
                       "Authorization",
                       "x-bce-test",
                       "x-bce-test2"
                   ],
               "allowedExposeHeaders": [
                    "user-custom-expose-header"
               ],
               "maxAgeSeconds": 3600
           }，
           {	
               "allowedOrigins": [
                   "http://www.baidu.com"
               ],
               "allowedMethods": [
                       "GET",
                       "HEAD",
                       "DELETE"
                   ],
               "allowedHeaders": [
                       "*",
               ],
               "allowedExposeHeaders": [
                    "user-custom-expose-header"
               ],
               "maxAgeSeconds": 1800
           }
       ]
   }

• Response example

        HTTP/1.1 200 OK
        x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409
        Content-Length: 0
        Date: Wed, 06 Apr 2016 06:34:40 GMT
        Server: BceBos