S3 Bucket Cors Operations:Set Bucket CORS

Search (SHIFT+S)

Set Bucket CORS

PUT /?cors

Sets the CORS configuration for the bucket.

URL Format

Host Style: http://bucketname.ns1.emc.com/?cors
Path Style: http://ns1.emc.com/bucketname?cors

Request Headers

Content-MD5 required128-bit MD5 digest of data which is base64 encoded. This is used to verify that the request was not corrupted during transit.
x-amz-date optionalTimestamp of the request added by the requester. Example: Tue, 03 Sept 2013 12:00:00 GMT. If the Authorization header is specified, either the x-amz-date or the Date header must also be specified If both the headers are specified, the value of x-amz-date header is chosen.
Authorization requiredInformation needed to authenticate requests.


The following conditions must be met in order to call this operation.

  • Only the owner of the bucket or a user having permission can create or replace CORS configuration for the bucket.

  • BaseUrl used in a host-style request URL should be pre-configured using the ECS Management API or the ECS Portal (for example, emc.com in the URL: bucketname.ns1.emc.com).

  • Namespace corresponding to this bucket should exist (for example, ns1).

Request Payload

All parameters are required unless otherwise stated.

Field Description Type Notes
<CORSRule>     0-* Elements
<AllowedMethod> An HTTP method that the origin is allowed to use. Each CORS rule consists of at least one origin and one method String 0-* Elements
Valid Values:
<AllowedOrigin> An Origin, from where cross-domain requests are allowed String 0-* Elements
Valid Values:
  •  Can contain at most one '*' wild character. For example "http://*.emc.com". A value of only "*" can also be specified to allow all origins to send cross-domain requests
<AllowedHeader> Specifies the allowed headers in a pre-flight OPTIONS request via the Access-Control-Request-Headers header. Each header specified in Access-Control-Request-Headers must match an AllowedHeader element String 0-* Elements
Valid Values:
  •  Can contain at most one '*' wild character
<MaxAgeSeconds> The amount of time in seconds that a browser can cache a pre-flight response for a specific resource. A rule can contain at most one MaxAgeSeconds element String Valid Values:
  •  Integer value in seconds
<ExposeHeader> A header in the response that a customer can access from their application String 0-* Elements
<ID> The rule's unique identifier String Valid Values:
  •  value is less than or equal to 255 characters

Response Headers

x-amz-request-id optionalRequest id
x-amz-id-2 optionalBucket identifier

Response Body

Response indicating Success or Failure for this operation