• Object Storage Service

obs
  1. Help Center
  2. Object Storage Service
  3. API Reference (OBS)
  4. Operations on Buckets
  5. PUT Bucket CORS
  6. Requests

Requests

Syntax

PUT /?cors HTTP/1.1 
 Host: bucketname.obs.example.com
 User-Agent: agent
 Accept: */*
 Date: date 
 Authorization: authorization 
 Content-MD5: MD5
 Content-Length: length 
 Expect: expect

 <?xml version="1.0" encoding="UTF-8"?> 
 <CORSConfiguration> 
   <CORSRule> 
     <ID>id</ID> 
     <AllowedMethod>method</AllowedMethod> 
     <AllowedOrigin>origin</AllowedOrigin> 
     <AllowedHeader>header</AllowedHeader> 
     <MaxAgeSeconds>seconds</MaxAgeSeconds> 
     <ExposeHeader>header</ExposeHeader> 
   </CORSRule> 
 </CORSConfiguration>

Request Parameters

This request involves no parameters.

Request Headers

Table 1 lists the request header.

Table 1 CORS request header

Header

Description

Remarks

Content-MD5

The MD5 digest string of the message body is calculated according to the RFC 1864 standard. That is, calculate the 128-bit binary array (the message header data encrypted with MD5) first, and then use Base 64 encoding to convert the binary data to a character string.

Type: String

Example: n58IG6hfM7vqI4K0vnWpog==

Mandatory

x-amz-security-token

Header field used to identify the request of a federated user. When the federal authentication function is enabled, users sending such requests are identified as federated users.

Type: string

Optional. This parameter must be carried in the request sent by federated users.

Request Elements

In this request, you must configure the CORS of buckets in the request body. The configuration information is uploaded in the XML format. Table 2 lists the CORS configuration elements.

Table 2 CORS configuration elements

Element

Description

Remarks

CORSConfiguration

Indicates the CORSRules root node. The maximum size is 64 KB.

Type: Container

Ancestor: None

Mandatory

CORSRule

Indicates a CORS rule. CORSConfiguration can contain a maximum of 100 rules.

Type: Container

Ancestor: CORSConfiguration

Mandatory

ID

Indicates the unique identifier of a rule. The value can contain a maximum of 255 characters.

Type: String

Ancestor: Rule

Optional

AllowedMethod

Indicates a method that is allowed by a CORS rule.

Type: String

Valid values: GETPUTHEADPOST, and DELETE

Ancestor: Rule

Mandatory

AllowedOrigin

Indicates an origin that is allowed by a CORS rule. It is a character string and can contain a wildcard (*). Each AllowedOrigin can only contain one wildcard (*).

Type: String

Ancestor: Rule

Mandatory

AllowedHeader

Indicates an allowed header (Access-Control-Request-Headers) in a CORS request. If a request contains Access-Control-Request-Headers, only a CORS request that matches the configuration of AllowedHeader is considered as a valid request. Each AllowedHeader can only contain one wildcard (*).

Type: String

Ancestor: Rule

Optional

MaxAgeSeconds

Indicates the response time of the CORS that can be cached by a server. It is expressed in seconds.

Each CORSRule can contain only one MaxAgeSeconds. It can be set to a negative value.

Type: Integer

Ancestor: Rule

Optional

ExposeHeader

Indicates a supplemented header in CORS responses. The header provides additional information for servers. It cannot contain spaces.

Type: String

Ancestor: Rule

Optional