0034-00000009

更新时间:
复制 MD 格式

Problem description

The AllowedOrigin parameter in the cross-origin resource sharing (CORS) XML configuration is invalid.

Causes

The AllowedOrigin value in the PutBucketCors request does not meet the format requirements. Common invalid values include an empty string and multiple asterisk (*) characters (for example, ***).

Valid `AllowedOrigin` values:

  • A single asterisk (*) as a wildcard to allow all origins

Invalid `AllowedOrigin` values:

  • An empty string (<AllowedOrigin></AllowedOrigin>) — the parameter is required and cannot be left blank

  • Multiple asterisks (***) — only one * wildcard character is allowed

Examples

The following request triggers the error. The first AllowedOrigin element is empty, and the second contains three asterisks (***). Both values are invalid. You can use multiple AllowedOrigin elements to specify multiple allowed origins.

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin></AllowedOrigin>
        <AllowedOrigin>***</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
    <ResponseVary>true</ResponseVary>
</CORSConfiguration>

Solutions

Replace the invalid AllowedOrigin values with a valid one. The following corrected request uses a single asterisk (*) to allow cross-origin requests from all origins. You can include only one asterisk (*) in the AllowedOrigin parameter as the wildcard. If you set AllowedOrigin to *, all cross-origin requests are allowed.

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
    <ResponseVary>false</ResponseVary>
</CORSConfiguration>

References