Problem description
The AllowedOrigin parameter in the cross-origin resource sharing (CORS) XML configuration is invalid.
Causes
The AllowedOrigin value in the PutBucketCors request does not meet the format requirements. Common invalid values include an empty string and multiple asterisk (*) characters (for example, ***).
Valid `AllowedOrigin` values:
A single asterisk (
*) as a wildcard to allow all origins
Invalid `AllowedOrigin` values:
An empty string (
<AllowedOrigin></AllowedOrigin>) — the parameter is required and cannot be left blankMultiple asterisks (
***) — only one*wildcard character is allowed
Examples
The following request triggers the error. The first AllowedOrigin element is empty, and the second contains three asterisks (***). Both values are invalid. You can use multiple AllowedOrigin elements to specify multiple allowed origins.
PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin></AllowedOrigin>
<AllowedOrigin>***</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<ResponseVary>true</ResponseVary>
</CORSConfiguration>Solutions
Replace the invalid AllowedOrigin values with a valid one. The following corrected request uses a single asterisk (*) to allow cross-origin requests from all origins. You can include only one asterisk (*) in the AllowedOrigin parameter as the wildcard. If you set AllowedOrigin to *, all cross-origin requests are allowed.
PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<ResponseVary>false</ResponseVary>
</CORSConfiguration>