0034-00000012

更新时间:
复制 MD 格式

Problem description

The AllowedHeader parameter of a rule in the cross-origin resource sharing (CORS) XML configuration has an invalid value.

Causes

The request failed because the AllowedHeader parameter in a CORS rule has an invalid value. This rule is part of the XML configuration that you specified in the PutBucketCors request.

Sample problems

For example, you sent the following request:

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
    	<AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>A&B</AllowedHeader>
    </CORSRule>
    <ResponseVary>true</ResponseVary>
</CORSConfiguration>

The AllowedHeader parameter specifies the allowed headers for the Access-Control-Request-Headers in an OPTIONS preflight request. Each header specified by Access-Control-Request-Headers must match a value in an AllowedHeader element.

The AllowedHeader parameter supports only one asterisk (*) as a wildcard character. The characters < > & ' " are not allowed. In the example, the value of the AllowedHeader node is A&B. This value contains the unsupported character & and is therefore invalid.

Solutions

Ensure that the XML configuration that you submit in the PutBucketCors request is valid. The value of the AllowedHeader parameter must be in the required format.

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
    <ResponseVary>false</ResponseVary>
</CORSConfiguration>

References