GET Bucket CORS¶
The GET Bucket CORS operation returns a bucket’s cors configuration information. This operation requires S3:GetBucketCORS permission.
Requests¶
Syntax¶
GET /?cors HTTP/1.1
Host: {{BucketName}}.{{StorageService}}.com
Date: {{date}}
Authorization: {{authenticationInformation}}
Note
The request syntax illustrates only a portion of the request headers.
Parameters¶
The GET Bucket CORS operation does not use request parameters.
Headers¶
The GET Bucket CORS operation uses only request headers that are common to all operations (see Common Request Headers).
Elements¶
The GET Bucket CORS operation does not use request elements.
Responses¶
Headers¶
The GET Bucket CORS operation uses only response headers that are common to all operations (see Common Response Headers).
Elements¶
Element | Type | Description |
---|---|---|
CORSConfiguration |
Container | Container for up to 100 CORSRules elements. Ancestors: None |
CORSRule |
Container | A set of origins and methods (cross- origin the access to allow). Up to 100 rules can be added to the configuration. Ancestors: CORSConfiguration Children: AllowedOrigin, AllowedMethod, MaxAgeSeconds, ExposeHeader, ID. |
AllowedHeader |
Integer | Specifies which headers are allowed in a pre-flight OPTIONS request through the Access-Control-Request-Headers header. Each header name specified in the Access-Control-Request-Headers must have a corresponding entry in the rule. Only the requested headers are returned. This element can contain at most one “*” wildcard character. A CORSRule can have at most one MaxAgeSeconds element. Ancestor: CORSRule |
AllowedMethod |
Enum | Identifies an HTTP method that the domain/origin specified in the rule is allowed to execute. Each CORSRule must contain at least one AllowedMethod and one AllowedOrigin element. Ancestor: CORSRule |
AllowedOrigin |
String | One or more response headers that users are allowed to access from their applications (for example, from a JavaScript XMLHttpRequest object). Each CORSRule must have at least one AllowedOrigin element. The string value can include at most one “*” wildcard character; for example, “http://*.example.com”. Also, it is possible to specify only “*” to allow cross-origin access for all domains/origins. Ancestor: CORSRule |
ExposeHeader |
String | One or more headers in the response that users can access from their applications (for example, from a JavaScript XMLHttpRequest object). Add one ExposeHeader in the rule for each header. Ancestor: CORSRule |
ID |
String | An optional unique identifier for the rule. The ID value can be up to 255 characters long. The IDs can assist in finding a rule in the configuration. Ancestor: CORSRule |
MaxAgeSeconds |
Integer | The time in seconds that the browser is to cache the preflight response for the specified resource. A CORSRule can have at most one MaxAgeSeconds element. Ancestor: CORSRule |
Examples¶
Retrieve CORS Subresource¶
This request retrieves the cors subresource of a bucket.
Request Sample¶
GET /?cors HTTP/1.1
Host: example.com
Date: Tue, 13 Dec 2011 19:14:42 GMT
Authorization: {{authenticationInformation}}
Response Sample¶
HTTP/1.1 200 OK
x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5
x-amz-request-id: 0CF038E9BCF63097
Date: Tue, 13 Dec 2011 19:14:42 GMT
Server: ScalityS3
Content-Length: 280
.. code::
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSec>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
</CORSRule>
</CORSConfiguration>