Help & Documentation>Cloud Object Storage>API Documentation>Bucket APIs>Cross-Origin Resource Sharing (cors)>GET Bucket cors

GET Bucket cors

Last updated: 2023-09-19 15:55:09

On this page:

Feature Overview

This API is used to query the CORS configuration set for a bucket.


Requests

Sample Request

GET /?cors HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Authorization: Auth String
Note
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com, where <BucketName-APPID> is the bucket name with the APPID suffix, such as examplebucket-1250000000. You can refer to the Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Convention documentation. <Region> represents the available regions for COS, which can be found in the Regions and Access Domain Names documentation.
Authorization: Auth String (For more information, see Request Signature.)

Request Parameters

This API has no request parameter.

Request Header

This API only uses Common Request Headers.

Request Body

This API does not have a request body.

Response

Response Header

This API only returns Common Response Headers.

Response Body

A successful query returns application/xml data, which contains all information about the CORS configuration of the bucket.
<?xml version='1.0' encoding='utf-8' ?>
<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>string</AllowedOrigin>
        <AllowedMethod>enum</AllowedMethod>
        <AllowedMethod>enum</AllowedMethod>
        <AllowedHeader>string</AllowedHeader>
        <AllowedHeader>string</AllowedHeader>
        <ExposeHeader>string</ExposeHeader>
        <ExposeHeader>string</ExposeHeader>
        <MaxAgeSeconds>integer</MaxAgeSeconds>
    </CORSRule>
    <CORSRule>
        <ID>string</ID>
        <AllowedOrigin>string</AllowedOrigin>
        <AllowedOrigin>string</AllowedOrigin>
        <AllowedMethod>enum</AllowedMethod>
        <AllowedMethod>enum</AllowedMethod>
        <AllowedHeader>string</AllowedHeader>
        <ExposeHeader>string</ExposeHeader>
        <ExposeHeader>string</ExposeHeader>
        <MaxAgeSeconds>integer</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>
The nodes are described as follows:
Node Name (Keyword)
Parent Node
Description
Local Disk Types
CORSConfiguration
-
Stores the result of GET Bucket cors.
Container
Content of CORSConfiguration:
Node Name (Keyword)
Parent Node
Description
Local Disk Types
CORSRule
CORSConfiguration
A single CORS rule
Container
Content of CORSRule:
Node Name (Keyword)
Parent Node
Description
Local Disk Types
AllowedOrigin
CORSConfiguration.CORSRule
Allowed access sources, which can be * or a wildcard format containing *. Multiple AllowedOrigins can be configured in a single CORSRule.
string
AllowedMethod
CORSConfiguration.CORSRule
An HTTP method allowed, which corresponds to the Access-Control-Allow-Methods header in the response to a CORS request. More than one AllowedMethod can be configured for a single CORSRule. Enumerated values: PUT, GET, POST, DELETE, HEAD
enum
AllowedHeader
CORSConfiguration.CORSRule
Custom HTTP request headers allowed when the browser sends a CORS request, case-insensitive, and can be *. Multiple AllowedHeaders can be configured in a single CORSRule.
string
ExposeHeader
CORSConfiguration.CORSRule
A CORS response header (case-insensitive) that can be exposed to the browser. More than one ExposeHeader can be configured for a single CORSRule.
string
MaxAgeSeconds
CORSConfiguration.CORSRule
Validity period of the CORS configuration, in seconds. This parameter corresponds to the Access-Control-Max-Age header in the response to the CORS request. Only one MaxAgeSeconds can be configured for a single CORSRule.
integer
ID
CORSConfiguration.CORSRule
ID of a single CORSRule. If this node exists, PUT Bucket cors has set an ID for the CORS rule. Only one ID can be set for a single CORSRule at most.
string

Error Codes

This API returns common error responses and error codes. For more information, see Error Codes.

Examples

Requests

GET /?cors HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Thu, 09 Jul 2020 11:15:12 GMT
Authorization: q-sign-algorithm=sha1&q-ak=AKID8A0fBVtYFrNm02oY1g1JQQF0c3JO**&q-sign-time=1594293312;1594300512&q-key-time=1594293312;1594300512&q-header-list=date;host&q-url-param-list=cors&q-signature=8c00249260b2535056d2ef8fc43ecd675515**
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: application/xml
Content-Length: 1196
Connection: close
Date: Thu, 09 Jul 2020 11:15:12 GMT
Server: tencent-cos
x-cos-request-id: NWYwNmZjNDBfN2ViMTJhMDlfZDNjOV8xYjdk****

<?xml version='1.0' encoding='utf-8' ?>
<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedHeader>Range</AllowedHeader>
        <AllowedHeader>x-cos-server-side-encryption-customer-algorithm</AllowedHeader>
        <AllowedHeader>x-cos-server-side-encryption-customer-key</AllowedHeader>
        <AllowedHeader>x-cos-server-side-encryption-customer-key-MD5</AllowedHeader>
        <ExposeHeader>Content-Length</ExposeHeader>
        <ExposeHeader>ETag</ExposeHeader>
        <ExposeHeader>x-cos-meta-author</ExposeHeader>
        <MaxAgeSeconds>600</MaxAgeSeconds>
    </CORSRule>
    <CORSRule>
        <ID>example-id</ID>
        <AllowedOrigin>https://example.com</AllowedOrigin>
        <AllowedOrigin>https://example-1.com</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        ...
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
        <ExposeHeader>Content-Length</ExposeHeader>
        <ExposeHeader>ETag</ExposeHeader>
        <ExposeHeader>x-cos-meta-author</ExposeHeader>
        <MaxAgeSeconds>600</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>

中国站 - English