PUT Bucket CORS¶
The PUT Bucket CORS operation configures a bucket to accept cross-origin requests.
Requests¶
Syntax¶
PUT /?cors HTTP/1.1
Host: {{BucketName}}.{{StorageService}}.com
Content-Length: {{length}}
Date: {{date}}
Authorization: {{authenticationInformation}}
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>Origin you want to allow cross-domain requests from</AllowedOrigin>
<AllowedOrigin>...</AllowedOrigin>
...
<AllowedMethod>HTTP method</AllowedMethod>
<AllowedMethod>...</AllowedMethod>
...
<MaxAgeSeconds>Time in seconds your browser to cache the pre-flight OPTIONS response for a resource</MaxAgeSeconds>
<AllowedHeader>Headers that you want the browser to be allowed to send</AllowedHeader>
<AllowedHeader>...</AllowedHeader>
...
<ExposeHeader>Headers in the response that you want accessible from client application</ExposeHeader>
<ExposeHeader>...</ExposeHeader>
...
</CORSRule>
<CORSRule>
...
</CORSRule>
...
</CORSConfiguration>
Note
This request syntax example illustrates only a portion of the request headers.
Parameters¶
The PUT Bucket CORS operation does not use request parameters.
Elements¶
Element | Type | Description |
---|---|---|
CORSConfiguration |
Container | Container for up to 100 CORSRules elements. Ancestors: None |
CORSRule |
Container | A set of origins and methods (cross- origin access that you want to allow). You can add up to 100 rules to the configuration. Ancestors: CORSConfiguration |
ID |
String | A unique identifier for the rule. The ID value can be up to 255 characters long. The IDs help you find a rule in the configuration. Ancestors: CORSRule |
AllowedMethod |
Enum | An HTTP method that you want to allow the origin to execute. Each CORSRule must identify at least one origin and one method. Ancestors: CORSRule |
AllowedOrigin |
String | An origin from which you want to allow cross-domain requests. This can contain at most one * wildcard character. Each CORSRule must identify at least one origin and one method. Ancestors: CORSRule |
AllowedHeader |
String | Specifies which headers are allowed in a
pre-flight OPTIONS request via the
Access-Control-Request-Headers header.
Each header name specified in the
Access-Control-Request-Headers header
must have a corresponding entry in the
rule to get a Ancestors: CORSRule |
MaxAgeSeconds |
Integer | The time in seconds that your browser is to cache the preflight response for the specified resource. A CORSRule can have at most one MaxAgeSeconds element. Ancestors: CORSRule |
ExposeHeader |
String | One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object). Add one ExposeHeader element in the rule for each header. Ancestors: CORSRule |
Responses¶
Headers¶
The PUT Bucket CORS operation uses only response headers that are common to all operations (see Common Response Headers).
Elements¶
The PUT Bucket CORS operation does not return response elements.
Examples¶
Configure CORS¶
The following PUT request adds the cors
subresource to a bucket.
Request Sample¶
PUT /?cors HTTP/1.1
Host: example.com
x-amz-date: Tue, 21 Aug 2012 17:54:50 GMT
Content-MD5: 8dYiLewFWZyGgV2Q5FNI4W==
Authorization: {{authenticationInformation}}
Content-Length: 216
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSec>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Response Sample¶
HTTP/1.1 200 OK
x-amz-id-2: CCshOvbOPfxzhwOADyC4qHj/Ck3F9Q0viXKw3rivZ+GcBoZSOOahvEJfPisZB7B
x-amz-request-id: BDC4B83DF5096BBE
Date: Tue, 21 Aug 2012 17:54:50 GMT
Server: ScalityS3