GetBucketCors
Last Updated:2021-12-08
Interface Description
This interface is used to get the current CORS rules of the specified bucket.
Permission Description
Only the bucket owner and the user with the FULL_CONTROL permission can set the CORS rules of the bucket. If users have no permission, it returns “403 Forbidden: AccessDenied.
Request
-
Request syntax
GET /?cors HTTP/1.1 Host: <BucketName>.bj.bcebos.com Date: date Authorization: <AuthorizationString>
-
Request parameters
None
-
Request header field
No special header parameters.
-
Request element
None
Response
-
Response header field
None
-
Response element
Name Description Required? Parent node corsConfiguration CORS rule container of the bucket. Each bucket can possess up to 100 rules. If there are multiple configurations, they are executed from top to bottom. Yes No allowedOrigins Container for storing the origin of the cross-origin requests allowed Yes corsConfiguration allowedOrigin Specify the origin of the cross-origin requests allowed, which allows up to one wildcard *
. If it is specified as*
, it indicates that the cross-origin requests from all origins are allowed. In particular, it also supports*
as a suffix to represent a certain type of website. For example,abc*
means that it supports the website starting with abc. Note: allowedOrigin is case sensitive during matching. Type: stringYes allowedOrigins allowedMethods Container for storing the cross-origin request method allowed Yes corsConfiguration allowedMethod Specify the cross-origin request method allowed. It does not support the wildcard *,
and it is case sensitive. Type: enumeration. The value includes “GET, PUT, DELETE, POST, HEAD”.Yes allowedMethods allowedHeaders Container for storing the allowedHeaders It controls whether the header specified in Access-Control-Request-Headers in the OPTIONS prefetch instruction is allowed. No corsConfiguration allowedHeader It controls whether the header specified in Access-Control-Request-Headers in the OPTIONS prefetch instruction is allowed. For each header specified in Access-Control-Request-Headers, there must be a corresponding item in allowedHeader. Each header is allowed to use up to one wildcard *
, which is case insensitive. Type: String.No allowedHeaders allowedExposeHeaders Container for storing the response headers that are allowed to access from the application by users No corsConfiguration allowedExposeHeader It specifies the response header that is allowed to access from the application by users (such as an XMLHttpRequest object of Javascript). The wildcard *
is not allowed. Access-Control-Expose-Headers are set in the OPTIONS request based on this definition. Type: String.No allowedExposeHeaders maxAgeSeconds It specifies the time for the browser to cache the prefetch request return results (OPTIONS) of specific resources. The requester does not need to send duplicate preflight requests within the cache time expressed in seconds. Type: Int64. No corsConfiguration
Considerations
- Where the bucket does not exist, it returns “404 Not Found: NoSuchBucket”.
- If the CORS rules do not exist, it returns “404 Not Found: NoSuchCORSConfiguration”.
Example
-
Request example
GET /?cors HTTP/1.1 Host: <BucketName>.bj.bcebos.com Date: Wed, 06 Apr 2016 06:34:40 GMT Authorization: AuthorizationString
-
Response example
HTTP/1.1 200 OK x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409 Date: Wed, 06 Apr 2016 06:34:40 GMT Content-Length: 1324 Content-Type: application/json; charset=utf-8 Server: BceBos { "corsConfiguration": [ { "allowedOrigins": [ "http://www.example.com", "www.example2.com" ], "allowedMethods": [ "GET", "HEAD", "DELETE" ], "allowedHeaders": [ "Authorization", "x-bce-test", "x-bce-test2" ], "allowedExposeHeaders": [ "user-custom-expose-header" ], "maxAgeSeconds": 3600 }, { "allowedOrigins": [ "http://www.baidu.com" ], "allowedMethods": [ "GET", "HEAD", "DELETE" ], "allowedHeaders": [ "*" ], "allowedExposeHeaders": [ "user-custom-expose-header" ], "maxAgeSeconds": 1800 } ] }