Due to the same-origin policy of browsers, cross-origin requests may be rejected when data is exchanged or resources are shared between different domain names. To resolve the issue, you can configure cross-origin resource sharing (CORS) rules. In the CORS rules, you can specify the domain names from which requests can be sent, the methods that can be used to send cross-origin requests, and the allowed headers.
Notes
-
In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and Endpoints.
-
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials using OSS SDK for Python 1.0.
-
This topic demonstrates creating an OSSClient instance with an OSS endpoint. For alternative configurations, such as using a custom domain or authenticating with credentials from Security Token Service (STS), see Initialization.
-
To configure CORS rules, you must have the
oss:PutBucketCorspermission. To query CORS rules, you must have theoss:GetBucketCorspermission. To delete CORS rules, you must have theoss:DeleteBucketCorspermission. For more information, see Grant a custom policy.
Configure CORS rules
The following sample code provides an example on how to configure a CORS rule for a specific bucket:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
from oss2.models import BucketCors, CorsRule
# Obtain access credentials from the environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the signature algorithm V4.
region = "cn-hangzhou"
# Specify the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
rule = CorsRule(allowed_origins=['*'],
allowed_methods=['GET', 'HEAD'],
allowed_headers=['*'],
max_age_seconds=1000)
# An existing rule with the same name is overwritten.
bucket.put_bucket_cors(BucketCors([rule]))
Query CORS rules
The following sample code provides an example on how to query CORS rules of a specific bucket:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from the environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the signature algorithm V4.
region = "cn-hangzhou"
# Specify the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
try:
cors = bucket.get_bucket_cors()
except oss2.exceptions.NoSuchCors:
print('cors is not set')
else:
for rule in cors.rules:
print('AllowedOrigins={0}'.format(rule.allowed_origins))
print('AllowedMethods={0}'.format(rule.allowed_methods))
print('AllowedHeaders={0}'.format(rule.allowed_headers))
print('ExposeHeaders={0}'.format(rule.expose_headers))
print('MaxAgeSeconds={0}'.format(rule.max_age_seconds))
Delete CORS rules
The following sample code provides an example on how to delete all CORS rules of a specific bucket:
# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
# Obtain access credentials from the environment variables. Before you run the sample code, make sure that you have configured environment variables OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET.
auth = oss2.ProviderAuthV4(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com.
endpoint = "https://oss-cn-hangzhou.aliyuncs.com"
# Specify the ID of the region that maps to the endpoint. Example: cn-hangzhou. This parameter is required if you use the signature algorithm V4.
region = "cn-hangzhou"
# Specify the name of your bucket.
bucket = oss2.Bucket(auth, endpoint, "yourBucketName", region=region)
bucket.delete_bucket_cors()
References
-
For the complete sample code for managing CORS rules, visit GitHub.
-
For more information about the API operation that you can call to configure CORS rules, see PutBucketCors.
-
For more information about the API operation that you can call to query CORS rules, see GetBucketCors.
-
For more information about the API operation that you can call to delete CORS rules, see DeleteBucketCors.