• Object Storage Service

  1. Help Center
  2. Object Storage Service
  3. API Reference (OBS)
  4. Operations on Buckets
  5. PUT Bucket CORS


You can use this operation to enable Cross-origin resource sharing (CORS) for specified buckets.

CORS is a standard mechanism proposed by the World Wide Web Consortium (W3C) that allows cross-origin requests from servers. For standard web page requests, the scripts and contents at one website cannot interact with those at another website due to the existence of the same origin policy (SOP).

OBS allows buckets to store static web resources. The buckets of OBS can serve as website resources if the buckets are properly used. For details, see section PUT Bucket website. A website in OBS can respond to requests of another websites only after the CORS is properly configured.

Typical application scenarios are as follows:

  • With the support of the CORS, you can use JavaScript and HTML 5 to construct web applications and directly access the resources in OBS without the need to use proxy servers for transfer.
  • You can enable the dragging function of HTML 5 to directly upload files to OBS (with the upload progress displayed) or update OBS contents using web applications.
  • You can host external web pages, style sheets, and HTML 5 applications in different domains. Web fonts or pictures on OBS can be shared by multiple websites.

Only users granted the s3:PutBucketCORS permission can perform this operation. By default, only the bucket owner can perform this operation. The bucket owner can allow other users to perform this operation by granting them the permission. After the bucket CORS configuration is set, it will take effect within 2 minutes.