PutBucketCors
Updated at: 2025-11-03
API description
This API is used to set a Cross-Origin Resource Sharing (CORS) rule for a specific bucket. The new rule will replace any existing rules.
Permission
Only the bucket owner or users granted FULL_CONTROL permissions can set bucket CORS. If the necessary permissions are not granted, the server will return a 403 Forbidden error with the AccessDenied code.
Request
- Request syntax

```
PUT /?cors HTTP/1.1
Host: <BucketName>.bj.bcebos.com
x-bce-date: date
Content-Length: content_length
Content-Type: application/json; charset=utf-8
Authorization: <AuthorizationString>

{
Cors json file …
}
```

- Request parameters
None
- Request headers
No special header parameters
- Request elements
The CORS JSON file contains the following fields:

| Name | Description | Required | Parent node |
| --- | --- | --- | --- |
| corsConfiguration | Container for bucket CORS rules. Each bucket allows up to 100 rules. If multiple rules exist, they are evaluated in top-to-bottom order. | Yes | None |
| allowedOrigins | A container that stores the allowed origins for cross-origin requests. | Yes | corsConfiguration |
| allowedOrigin | An allowed origin for cross-origin requests, containing at most one * wildcard. If it is specified as *, cross-origin requests from all sources are allowed. The * can also be used as a suffix to indicate a category of websites. For example, abc* indicates that websites starting with abc are allowed. Note: allowedOrigin matching is case-sensitive. Type: string. | Yes | allowedOrigins |
| allowedMethods | A container that stores the allowed methods for cross-origin requests. | Yes | corsConfiguration |
| allowedMethod | An allowed cross-origin request method. It does not support the * wildcard and is case-sensitive. Type: Enumeration, with values "GET, PUT, DELETE, POST and HEAD". | Yes | allowedMethods |
| allowedHeaders | A container that stores the allowed headers. It controls whether the headers specified in the Access-Control-Request-Headers of the OPTIONS preflight request are allowed. | No | corsConfiguration |
| allowedHeader | It controls whether the headers specified in the Access-Control-Request-Headers of the OPTIONS preflight request are allowed. Each header specified in Access-Control-Request-Headers must have a corresponding entry in allowedHeader. Each header allows at most one * wildcard and is case-insensitive. Type: string. | No | allowedHeaders |
| allowedExposeHeaders | A container that stores the response headers accessible to users from applications. | No | corsConfiguration |
| allowedExposeHeader | A response header accessible to users from applications (e.g., a JavaScript XMLHttpRequest object). The * wildcard is not allowed. Access-Control-Expose-Headers is set for OPTIONS requests based on this definition. Type: string. | No | allowedExposeHeaders |
| maxAgeSeconds | How long, in seconds, the browser may cache the result of a preflight (OPTIONS) request; repeated preflight requests are unnecessary during this period. Type: Int64. | No | corsConfiguration |

Response
- Response headers
None
- Response element
None
Notes
- Until CORS rules are set with this API, the bucket's CORS permission is configured to disallow cross-origin operations.
- Each bucket permits only a single rule file. Therefore, uploading a new rule file will overwrite any existing rules.
- The size limit for a CORS rule file is 20KB. Requests exceeding this size will result in a 400 Bad Request error with the EntityTooLarge code.
Example
- Request example

```
PUT /?cors HTTP/1.1
Host: BucketName.bj.bcebos.com
x-bce-date: 2016-04-06T08:23:49Z
Content-Length: 1024
Content-Type: application/json; charset=utf-8
Authorization: AuthorizationString

{
    "corsConfiguration": [
        {
            "allowedOrigins": [
                "http://www.example.com",
                "www.example2.com"
            ],
            "allowedMethods": [
                "GET",
                "HEAD",
                "DELETE"
            ],
            "allowedHeaders": [
                "Authorization",
                "x-bce-test",
                "x-bce-test2"
            ],
            "allowedExposeHeaders": [
                "user-custom-expose-header"
            ],
            "maxAgeSeconds": 3600
        },
        {
            "allowedOrigins": [
                "http://www.baidu.com"
            ],
            "allowedMethods": [
                "GET",
                "HEAD",
                "DELETE"
            ],
            "allowedHeaders": [
                "*"
            ],
            "allowedExposeHeaders": [
                "user-custom-expose-header"
            ],
            "maxAgeSeconds": 1800
        }
    ]
}
```

- Response example

```
HTTP/1.1 200 OK
x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409
Content-Length: 0
Date: Wed, 06 Apr 2016 06:34:40 GMT
Server: BceBos
```
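
The following added example (not from the original page or the BOS SDK) lints a CORS rule file against the limits documented above before it is uploaded, and flags wildcard origins combined with PUT, DELETE or POST for review. The names `lint_cors` and `SAMPLE` are hypothetical, the 20KB limit is assumed to mean 20 * 1024 bytes, and list entries are assumed to be strings.

```python
import json

METHODS = {"GET", "PUT", "DELETE", "POST", "HEAD"}  # documented enumeration, case-sensitive
WRITE_METHODS = {"PUT", "DELETE", "POST"}
MAX_BYTES = 20 * 1024  # assumption: the documented 20KB limit means 20 * 1024 bytes
MAX_RULES = 100        # documented per-bucket rule limit

def lint_cors(body: bytes) -> list[str]:
    """Return findings for a PutBucketCors JSON body; an empty list means clean."""
    if len(body) > MAX_BYTES:
        return ["error: body exceeds 20KB (EntityTooLarge)"]
    try:
        rules = json.loads(body)["corsConfiguration"]
    except (ValueError, KeyError, TypeError):
        rules = None
    if not isinstance(rules, list) or not all(isinstance(r, dict) for r in rules):
        return ["error: body is not valid JSON with a corsConfiguration list of rules"]
    out = [f"error: {len(rules)} rules exceeds the limit of {MAX_RULES}"] if len(rules) > MAX_RULES else []
    for i, rule in enumerate(rules):
        origins = rule.get("allowedOrigins") or []
        methods = rule.get("allowedMethods") or []
        if not origins or not methods:
            out.append(f"error: rule {i}: allowedOrigins and allowedMethods are required")
        for value in origins + (rule.get("allowedHeaders") or []):
            if value.count("*") > 1:
                out.append(f"error: rule {i}: {value!r} has more than one * wildcard")
        for m in methods:
            if m not in METHODS:
                out.append(f"error: rule {i}: method {m!r} is not in the allowed enumeration")
        for h in rule.get("allowedExposeHeaders") or []:
            if "*" in h:
                out.append(f"error: rule {i}: expose header {h!r} must not contain *")
        # Review item, not a schema violation: wildcard origin plus state-changing methods.
        wild = [o for o in origins if "*" in o]
        writes = sorted(WRITE_METHODS & set(methods))
        if wild and writes:
            out.append(f"warn: rule {i}: wildcard origin {wild[0]!r} allows {', '.join(writes)}")
    return out

# Constructed sample body (not from the page): rule 0 is clean, rule 1 has three problems.
SAMPLE = json.dumps({"corsConfiguration": [
    {"allowedOrigins": ["http://www.example.com"], "allowedMethods": ["GET", "HEAD"]},
    {"allowedOrigins": ["*"], "allowedMethods": ["GET", "delete", "PUT"],
     "allowedExposeHeaders": ["x-bce-*"], "maxAgeSeconds": 1800},
]}).encode()

if __name__ == "__main__":
    for finding in lint_cors(SAMPLE):
        print(finding)
```

Because a new rule file replaces any existing rules, running the check on the complete file before each upload covers the bucket's whole CORS policy.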
