Configuring CORS

This section describes how to use CORS in HTML5 to implement cross-origin access.

Procedure

  1. Log in to OBS Browser.

  2. Select the bucket to be configured and click More > Configure CORS Rule.

  3. Click Add.

    Note

    You can set a maximum of 100 CORS rules for one bucket.

  4. In the Add CORS Rule dialog box that is displayed, enter CORS rules.

    **Figure 1** Adding a CORS rule

    Figure 1 Adding a CORS rule

    Table 1 describes parameters in CORS rules.

    Table 1 Parameters in a CORS rule

    Parameter

    Description

    Allowed Origin

    Specifies the origin of cross-origin requests. That is, requests from the origin can access the bucket. This parameter is mandatory.

    Multiple matching rules are allowed. One rule occupies one line, and allows one wildcard character (*) at most. Example:

    http://rds.example.com
    https://*.vbs.example.com
    

    Allowed Method

    Specifies the method of cross-origin requests, that is, the operation type of buckets and objects. This parameter is mandatory. The following methods are included: Get, Post, Put, Delete, and Head.

    Allowed Header

    Specifies the allowed header of cross-origin requests. This parameter is optional. Only CORS requests matching the allowed header are valid.

    You can enter multiple allowed headers (one per line) and each line can contain one wildcard character (*) at most. Spaces and special characters including &:< are not allowed.

    Exposed Header

    Specifies the supplemented header in CORS responses, providing additional information for clients. This parameter is optional.

    You can enter multiple exposed headers (one per line). Spaces and special characters including *&:< are not allowed.

    Cache Duration (s)

    Mandatory. Specifies the duration that your browser can cache CORS responses, expressed in seconds. The default value is 100.

  5. Click OK.

  6. Click OK to save the rules.

    After CORS is successfully configured, only the addresses specified for Allowed Origin can access the bucket using the methods specified for Allowed Method. For example, you configure a CORS rule for bucket testbucket as follows:

    • Allowed Origin: www.example.com

    • Allowed Method: GET

    • Allowed Header: left blank

    • Exposed Header: left blank

    • Cache Duration (s): 100

    Then, OBS only allows GET requests from www.example.com to access bucket testbucket and does not limit request headers. The client can cache CORS responses for 100 seconds.

  7. In the displayed dialog box, click Close to close the dialog box.