Problem description
The AllowedHeader parameter of a rule in the cross-origin resource sharing (CORS) XML configuration has an invalid value.
Causes
The request failed because the AllowedHeader parameter in a CORS rule has an invalid value. This rule is part of the XML configuration that you specified in the PutBucketCors request.
Sample problems
For example, you sent the following request:
PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>A&B</AllowedHeader>
</CORSRule>
<ResponseVary>true</ResponseVary>
</CORSConfiguration>The AllowedHeader parameter specifies the allowed headers for the Access-Control-Request-Headers in an OPTIONS preflight request. Each header specified by Access-Control-Request-Headers must match a value in an AllowedHeader element.
The AllowedHeader parameter supports only one asterisk (*) as a wildcard character. The characters < > & ' " are not allowed. In the example, the value of the AllowedHeader node is A&B. This value contains the unsupported character & and is therefore invalid.
Solutions
Ensure that the XML configuration that you submit in the PutBucketCors request is valid. The value of the AllowedHeader parameter must be in the required format.
PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<ResponseVary>false</ResponseVary>
</CORSConfiguration>