0034-00000013

更新时间:
复制 MD 格式

Problem description

The ExposeHeader parameter is invalid in a cross-origin resource sharing (CORS) rule.

Causes

The PutBucketCors operation fails if the value of the ExposeHeader parameter is invalid in a rule of the submitted XML configuration.

Examples

For example, you can initiate the following request:

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
    	<AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>Authorization</AllowedHeader>
      <ExposeHeader>x-oss-*</ExposeHeader>
    </CORSRule>
    <ResponseVary>true</ResponseVary>
</CORSConfiguration>

The ExposeHeader parameter specifies the response headers that an application can access. The parameter does not support the following characters:

* < > & ' ". In the preceding XML configuration, the value of the `ExposeHeader` node in the CORSRule is x-oss-*. This value contains the disallowed character * and is therefore invalid.

Solution

When you use the PutBucketCors operation to configure CORS rules for a bucket, ensure that the submitted XML configuration is correct and that the ExposeHeader parameter is valid.

PUT /?cors HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com
Content-Length: 186
Date: Fri, 04 May 2012 03:21:12 GMT
Authorization: OSS qn6q**************:77Dv****************
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration>
    <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <AllowedHeader>Authorization</AllowedHeader>
      <ExposeHeader>x-oss-test</ExposeHeader>
    </CORSRule>
    <ResponseVary>false</ResponseVary>
</CORSConfiguration>

References