Amazon Simple Storage Service
API Reference (API Version 2006-03-01)
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Did this page help you?  Yes | No |  Tell us about it...

GET Bucket cors

Description

Returns the cors configuration information set for the bucket.

To use this operation, you must have permission to perform the s3:GetBucketCORS action. By default, the bucket owner has this permission and can grant it to others.

To learn more cors, go to Enabling Cross-Origin Resource Sharing in the Amazon Simple Storage Service Developer Guide.

Requests

Syntax

GET /?cors HTTP/1.1
Host: bucketname.s3.amazonaws.com
Date: date
Authorization: authorization string (see Authenticating Requests (AWS Signature Version 4))

Request Parameters

This implementation of the operation does not use request parameters.

Request Headers

This implementation of the operation uses only request headers that are common to all operations. For more information, see Common Request Headers.

Request Elements

This implementation of the operation does not use request elements.

Responses

Response Headers

This implementation of the operation uses only response headers that are common to most responses. For more information, see Common Response Headers.

Response Elements

This implementation of GET returns the following response elements.

Name Description
CORSConfiguration

Container for up to 100 CORSRules elements.

Type: Container

Children: CORSRules

Ancestor: None

CORSRule

A set of origins and methods (cross-origin access that you want to allow).. You can add up to 100 rules to the configuration.

Type: Container

Children: AllowedOrigin, AllowedMethod, MaxAgeSeconds, ExposeHeader, ID.

Ancestor: CORSConfiguration

AllowedHeader

Specifies which headers are allowed in a pre-flight OPTIONS request through the Access-Control-Request-Headers header. Each header name specified in the Access-Control-Request-Headers must have a corresponding entry in the rule. Only the headers that were requested will be sent back. This element can contain at most one * wildcard character.

A CORSRule can have at most one MaxAgeSeconds element.

Type: Integer (seconds)

Ancestor: CORSRule

AllowedMethod

Identifies an HTTP method that the domain/origin specified in the rule is allowed to execute.

Each CORSRule must contain at least one AllowedMethod and one AllowedOrigin element.

Type: Enum (GET, PUT, HEAD, POST, DELETE)

Ancestor: CORSRule

AllowedOrigin

One or more response headers that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).

Each CORSRule must have at least one AllowedOrigin element. The string value can include at most one '*' wildcard character, for example, http://*.example.com". You can also specify only "*" to allow cross-origin access for all domains/origins.

Type: String

Ancestor: CORSRule

ExposeHeader

One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).

You add one ExposeHeader in the rule for each header.

Type: String

Ancestor: CORSRule

ID

An optional unique identifier for the rule. The ID value can be up to 255 characters long. The IDs help you find a rule in the configuration.

Type: String

Ancestor: CORSRule

MaxAgeSeconds

The time in seconds that your browser is to cache the preflight response for the specified resource.

A CORSRule can have at most one MaxAgeSeconds element.

Type: Integer (seconds)

Ancestor: CORSRule

Special Errors

This implementation of the operation does not return special errors. For general information about Amazon S3 errors and a list of error codes, see Error Responses.

Examples

Example 1: Retrieve cors subresource

The following example gets the cors subresource of a bucket.

Sample Request

GET /?cors HTTP/1.1
Host: examplebucket.s3.amazonaws.com
Date: Tue, 13 Dec 2011 19:14:42 GMT
Authorization: signatureValue

Sample Response

HTTP/1.1 200 OK
x-amz-id-2: 0FmFIWsh/PpBuzZ0JFRC55ZGVmQW4SHJ7xVDqKwhEdJmf3q63RtrvH8ZuxW1Bol5
x-amz-request-id: 0CF038E9BCF63097
Date: Tue, 13 Dec 2011 19:14:42 GMT
Server: AmazonS3
Content-Length: 280

<CORSConfiguration>
     <CORSRule>
       <AllowedOrigin>http://www.example.com</AllowedOrigin>
       <AllowedMethod>GET</AllowedMethod>
       <MaxAgeSeconds>3000</MaxAgeSec>
       <ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
     </CORSRule>
</CORSConfiguration>