Baidu AI Cloud
中国站

百度智能云
All Product Document

Object Storage

  • Object Storage
  • >
  • API Reference
  • >
  • Bucket Related Interfaces
  • >
  • Cross-region Access
  • >
  • PutBucketCors

PutBucketCors

Last Updated2021-12-08

Interface Description

This interface is used to set a cross-origin resource sharing (CORS) rule in the specified bucket. If the original rule exists, it overwrites the original rule.

Permission Description

Only the bucket owner and the user with the FULL_CONTROL permission can set the CORS rules of the bucket. If users have no permission, it returns “403 Forbidden: AccessDenied”.

Request

  • Request syntax

       PUT /?cors HTTP/1.1
   Host: <BucketName>.bj.bcebos.com
   x-bce-date: date
   Content-Length: content_length
   Content-Type: application/json; charset=utf-8
   Authorization: <AuthorizationString>

   {
       Cors json file …
   }

  • Request parameters

    None

  • Request header field

    No special header parameters.

  • Request element

    The CORS JSON file contains the following fields:

    Name Description Required? Parent Node
    corsConfiguration CORS rules container of the bucket Each bucket
    can possess up to 100 rules.
    If there are multiple configurations, they are executed from top to bottom.    		 Yes No
    allowedOrigins Container for storing the origin of the cross-origin requests allowed Yes corsConfiguration
    allowedOrigin Specify the origin of the cross-origin requests allowed, which allows up to
    one wildcard *.
    If it is specified as *, it indicates that the
    cross-origin requests from all origins are allowed. In particular, it also supports * as a suffix to
    represent a certain type of website. For example, abc* means that it supports
    the website starting with abc.
    Note: allowedOrigin is case sensitive during matching.
    Type: string    		 Yes allowedOrigins
    allowedMethods Container for storing the cross-origin request method allowed Yes corsConfiguration
    allowedMethod Specify the cross-origin request method allowed. It does not support the wildcard
    *, and it is case sensitive.
    Type: enumeration. The value includes “GET, PUT, DELETE,
    POST, HEAD”.    		 Yes allowedMethods
    allowedHeaders Container for storing the allowedHeaders It controls
    whether the header specified in Access-Control-
    Request-Headers in the OPTIONS prefetch instruction is
    allowed.    		 No corsConfiguration
    allowedHeader It controls whether the header specified in Access-Control
    -Request-Headers in the OPTIONS prefetch instruction is allowed.
    For each
    header specified in Access-Control-Request-Headers, there must be a corresponding
    item in allowedHeader. Each header is allowed to use up to one wildcard *,
    which is case insensitive.
    Type: String.    		 No allowedHeaders
    allowedExposeHeaders Container for storing the response headers that are allowed to access from the application by users No corsConfiguration
    allowedExposeHeader Specify the response header that is allowed to access from the application by users (such as an XMLHttpRequest object of
    Javascript). The wildcard
    * is not allowed.
    Access-Control
    -Expose-Headers are set in the OPTIONS request based on this definition.
    Type: String.    		 No allowedExposeHeaders
    maxAgeSeconds Specify the time for the browser to cache the prefetch request return
    results (OPTIONS) of specific resources. The requester does not need to send duplicate
    preflight
    requests within the cache time expressed in second.
    Type:Int64.    		 No corsConfiguration

Response

  • Response header field

    None

  • Response element

    None

    Considerations

    • The CORS permission of the bucket is set to “Cross-origin Not Allowed” through this API before the setting of CORS rules.
    • One rule file is allowed for each bucket at most. Therefore, the uploaded rule file overwrites the original one.
    • The file size of CORS rules is limited to 20KB. Therefore, if the file size exceeds 20KB during the request, it returns “400 Bad Request: EntityTooLarge”. EntityTooLarge)。

Example

  • Request example

     PUT /?cors HTTP/1.1 
 Host: BucketName.bj.bcebos.com
 x-bce-date: 2016-04-06T08:23:49Z 
 Content-Length: 1024
 Content-Type: application/json; charset=utf-8
 Authorization: AuthorizationString

 {
     "corsConfiguration": [
             {
             "allowedOrigins": [
                 "http://www.example.com",
                 "www.example2.com"
             ],
             "allowedMethods": [
                     "GET",
                     "HEAD",
                     "DELETE"
                 ],
              "allowedHeaders": [
                     "Authorization",
                     "x-bce-test",
                     "x-bce-test2"
                 ],
             "allowedExposeHeaders": [
                  "user-custom-expose-header"
             ],
             "maxAgeSeconds": 3600
         },
         {	
             "allowedOrigins": [
                 "http://www.baidu.com"
             ],
             "allowedMethods": [
                     "GET",
                     "HEAD",
                     "DELETE"
                 ],
             "allowedHeaders": [
                     "*",
             ],
             "allowedExposeHeaders": [
                  "user-custom-expose-header"
             ],
             "maxAgeSeconds": 1800
         }
     ]
 }

  • Response example

          HTTP/1.1 200 OK
      x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409
      Content-Length: 0
      Date: Wed, 06 Apr 2016 06:34:40 GMT
      Server: BceBos
Previous
Copyright Protection
Next
DeleteBucketCors