• Object Storage Service

  1. Help Center
  2. Object Storage Service
  3. Developer Guide (Python SDK)
  4. CORS
  5. Setting CORS Rules

Setting CORS Rules

You can call ObsClient->setBucketCors to set CORS rules for a bucket. If the bucket is configured with CORS rules, the newly set ones will overwrite the existing ones. Sample code is as follows:

# Import the module.
from com.obs.client.obs_client import ObsClient
# Create an instance of ObsClient.
obsClient = ObsClient(
    access_key_id='*** Provide your Access Key ***',    
    secret_access_key='*** Provide your Secret Key ***',    

from com.obs.models.cors_rule import CorsRule

# Specify the request method, which can be GET, PUT, DELETE, POST, or HEAD.
allowedMethod = ['PUT', 'POST', 'GET', 'DELETE', 'HEAD']
# Specify the origin of the cross-origin request.
allowedOrigin = ['http://www.a.com', 'http://www.b.com']
# Specify whether headers specified in Access-Control-Request-Headers in the OPTIONS request can be used. 
allowedHeader = ['x-obs-header']
# Specify the browser's cache time of the returned results of OPTIONS requests for specific resources, in seconds.
maxAgeSecond = 60
# Specify response headers that users can access using application programs.
exposeHeader = ['x-obs-expose-header']
cors1 = CorsRule(id='rule1', allowedMethod=allowedMethod,                 
                 allowedOrigin=allowedOrigin, allowedHeader=allowedHeader,                 
                 maxAgeSecond=maxAgeSecond, exposeHeader=exposeHeader)

resp = obsClient.setBucketCors('bucketname', corsList=[cors1])
if resp.status < 300:    
    print('requestId:', resp.requestId)
    print('errorCode:', resp.errorCode)    
    print('errorMessage:', resp.errorMessage)

allowedOrigin and allowedHeader respectively can contain up to one wildcard character (*). The wildcard character (*) indicates that all origins or headers are allowed.