GET Bucket CORS

Last updated:2021-09-14 16:18:18

Description

You can call this operation to query the CORS configuration of your bucket.

To call this operation, you must have permission to perform the GetBucketCORS operation. The owner of a bucket has this permission by default and can grant it to others.

Request

Request syntax

GET /?cors HTTP/1.1
Host: {BucketName}.{endpoint}
Date: {date}
Authorization: {SignatureValue}

References:

Request parameters

No request parameter is used.

Request headers

This operation uses only common request headers. For more information, see Public Request Header.

Request body

No request body is used.

Response

Response headers

This operation uses only common response headers. For more information, see Public Response Header.

Response body

Parameter Description Required
CORSConfiguration The container that stores CORS rules. It can store up to 100 CORS rules.
Type: container
Child node: CORSRules
Parent node: none
Yes
CORSRule A collection of origins and methods. You can configure up to 100 rules.
Type: container
Child nodes: AllowedOrigin, AllowedMethod, MaxAgeSeconds, ExposeHeader, and ID
Parent node: CORSConfiguration
Yes
ID The unique identifier of a rule. An ID can contain up to 255 characters. It can help you quickly find a rule.
Type: String
Parent node: CORSRule
Yes
AllowedMethod The HTTP methods allowed for an origin. You must define at least one origin and one method in a CORS rule.
Type: Enumeration (GET, PUT, HEAD, POST, and DELETE)
Parent node: CORSRule
Yes
AllowedOrigin The origins from which CORS requests are allowed. An origin can contain at most one asterisk (*) as the wildcard. You must define at least one origin and one method in a CORS rule. Example: http://*.example.com. If you set the AllowedOrigin parameter to an asterisk (*), requests from all origins are allowed.
Type: String
Parent node: CORSRule
Yes
AllowedHeader Indicates which headers specified by Access-Control-Request-Headers in the OPTIONs preflight request are allowed. Each header specified by Access-Control-Request-Headers must be consistent with the header of the request sent to KS3. You can specify at most one asterisk (*) in the AllowedHeader parameter.
Type: String
Parent node: CORSRule
Yes
MaxAgeSeconds The period of time within which the browser caches the response of KS3 for an OPTIONS preflight request to specified resources. A CORS rule can contain at most one MaxAgeSeconds parameter.
Type: Integer (seconds)
Parent node: CORSRule
Yes
ExposeHeader The response header that you are allowed to access from your applications, such as from a JavaScript XMLHttpRequest object.
Type: String
Parent node: CORSRule
Yes

Operation-specific errors

This operation does not return operation-specific errors.

Examples

Sample request

GET /?cors HTTP/1.1
Host: ks3-example.ks3-cn-beijing.ksyuncs.com
Date: Wed, 24 Dec 2014 03:08:04 GMT
Authorization: authorization string

Sample response

HTTP/1.1 200 OK
Date: Wed, 24 Dec 2014 03:08:04 GMT
Server: Tengine
Content-Type: application/xml
x-kss-request-id: d72a2c2be3ec42aebf5b8c395b6cb8e7

<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSec>
<ExposeHeader>x-kss-server-side-encryption</ExposeHeader>
</CORSRule>
</CORSConfiguration>

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈