Configuring CORS

This section describes how to use CORS in HTML5 to implement cross-origin access.


  1. Log in to OBS Browser.

  2. Select the bucket to be configured and click More > Configure CORS Rule.

  3. Click Add.


    You can set a maximum of 100 CORS rules for one bucket.

  4. In the Add CORS Rule dialog box that is displayed, enter CORS rules.

    **Figure 1** Adding a CORS rule

    Figure 1 Adding a CORS rule

    Table 1 describes parameters in CORS rules.

    Table 1 Parameters in CORS rules



    Allowed Origin

    Specifies the origin of cross-origin requests. That is, requests from the origin can access the bucket. This parameter is mandatory.

    Multiple matching rules are allowed. One rule occupies one line, and allows one wildcard character (*) at most. Example:

    Allowed Method

    Specifies the method of cross-origin requests, that is, the operation type of buckets and objects. This parameter is mandatory. The following methods are included: Get, Post, Put, Delete, and Head.

    Allowed Header

    Specifies the allowed header of cross-origin requests. This parameter is optional. Only CORS requests matching the allowed header are valid.

    You can enter multiple allowed headers (one per line) and each line can contain one wildcard character (*) at most. Spaces and special characters including &:< are not allowed.

    Exposed Header

    Specifies the supplemented header in CORS responses, providing additional information for clients. This parameter is optional.

    You can enter multiple exposed headers (one per line). Spaces and special characters including *&:< are not allowed.

    Cache Duration (s)

    Mandatory. Specifies the duration that your browser can cache CORS responses, expressed in seconds. The default value is 100.

  5. Click OK.

  6. Click OK to save the rules.

    After CORS is successfully configured, only the addresses specified in Allowed Origin can access a bucket in OBS using the method specified in Allowed Method. For example, you configure CORS parameters for bucket testbucket as follows: Allowed Origin:; Allowed Method: GET; Allowed Header: left blank; Exposed Header: left blank; Cache Duration (s): 100. Then OBS only allows GET requests from to access bucket testbucket, without restrictions on request headers. The client can cache the CORS response for 100 seconds.

  7. In the displayed dialog box, click Close to close the dialog box.