Get Bucket CORS

To list a bucket's CORS configuration, you make a GET request that is scoped to a bucket and you use the cors query string parameter. The CORS configuration is returned in an XML document in the response body.

Query string parameters

Parameter Description Required
cors You can use this to display the CORS configuration of an existing bucket. No

Request headers

See common request headers.

Request body elements

This request does not include an XML document in the request body.

Request syntax

The following syntax applies to GET Bucket requests that use the cors query string parameter.

GET /?cors HTTP/1.1
Host: <bucket>.storage.googleapis.com
Date: <date>
Content-Length: <request body length>
Authorization: <authentication string>

Response headers

The request can return a variety of response headers depending on the request headers you use.

Response body elements

The following response body elements are applicable only if you use the cors query string parameter to get the bucket's CORS configuration.

Element Description
CorsConfig Container for one or more Cors configuration containers. If you specify multiple Cors configurations, be aware that the Cors configurations will be evaluated in the order listed within the CorsConfig container, with the first Cors configuration matching the Origin and Method of the request used to determine any CORS response headers to add to the response.
Cors Container for a CORS configuration to be applied to the bucket. You can specify multiple Origins and multiple Methods in each Cors container. There will be a match if the request Origin matches any of the Origins in the Cors container and the request Method matches any of the Methods in the Cors container.
Origins Container for the origins permitted for cross origin resource sharing with this Cloud Storage.
Origin An Origin permitted for cross origin resource sharing with this Cloud Storage bucket. For example, http://origin1.example.com.
Methods Container for one or more HTTP Method elements, specifying the methods supported by this CORS configuration.
Method An HTTP method supported in this configuration. Valid values are GET, HEAD, PUT, POST, and DELETE.
ResponseHeaders Optional container for one or more ResponseHeader elements.
ResponseHeader Specifies a response header that the user agent is permitted to share across origins.
MaxAgeSec A value indicating the number of seconds that the user agent is permitted to cache the response. This element is optional; if omitted, the service uses a default value. If specified more than once, the last element is silently accepted. The value is returned in the Access-Control-Max-Age header in responses to preflight requests.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Storage Documentation