Get bucket CORS

To list a bucket's CORS configuration, you make a GET request that is scoped to a bucket and you use the cors query string parameter. The CORS configuration is returned in an XML document in the response body.

For more information about CORS configuration, see Configuring Cross-Origin Resource Sharing (CORS).

Query string parameters

Parameter	Description	Required
`cors`	You can use this to display the CORS configuration of an existing bucket.	No

Request headers

See common request headers.

Request body elements

This request does not include an XML document in the request body.

Request syntax

The following syntax applies to GET Bucket requests that use the cors query string parameter.

GET /?cors HTTP/1.1
Host: BUCKET_NAME.storage.googleapis.com
Date: DATE
Content-Length: 0
Authorization: AUTHENTICATION_STRING

Response headers

The request can return a variety of response headers depending on the request headers you use.

Response body elements

The following response body elements are applicable only if you use the cors query string parameter to get the bucket's CORS configuration.

Element	Description
`CorsConfig`	Container for one or more Cors configuration containers. If you specify multiple Cors configurations, be aware that the Cors configurations will be evaluated in the order listed within the CorsConfig container, with the first Cors configuration matching the Origin and Method of the request used to determine any CORS response headers to add to the response.
`Cors`	Container for a CORS configuration to be applied to the bucket. You can specify multiple Origins and multiple Methods in each Cors container. There will be a match if the request Origin matches any of the Origins in the Cors container and the request Method matches any of the Methods in the Cors container.
`Origins`	Container for the origins permitted for cross origin resource sharing with this Cloud Storage.
`Origin`	An Origin permitted for cross origin resource sharing with this Cloud Storage bucket. For example, `https://origin1.example.com`.
`Methods`	Container for one or more HTTP Method elements, specifying the methods supported by this CORS configuration.
`Method`	An HTTP method used in this configuration. Valid values are `DELETE`, `GET`, `HEAD`, `POST`, and `PUT`. `OPTIONS` is interpreted as a preflight request, so you don't need to specify this method in your CORS configuration.
`ResponseHeaders`	Optional container for one or more ResponseHeader elements.
`ResponseHeader`	Specifies a response header that the user agent is permitted to share across origins.
`MaxAgeSec`	A value indicating the number of seconds that the user agent is permitted to cache the response. This element is optional; if omitted, the service uses a default value. If specified more than once, the last element is silently accepted. The value is returned in the `Access-Control-Max-Age` header in responses to preflight requests.