Get bucket CORS

To list a bucket's CORS configuration, you make a GET request that is scoped to a bucket and you use the cors query string parameter. The CORS configuration is returned in an XML document in the response body.

For more information about CORS configuration, see Configuring Cross-Origin Resource Sharing (CORS).

Query string parameters

Parameter	Description	Required
`cors`	You can use this to display the CORS configuration of an existing bucket.	No

Request headers

See common request headers.

Request body elements

This request does not include an XML document in the request body.

Request syntax

The following syntax applies to GET Bucket requests that use the cors query string parameter.

GET /?cors HTTP/1.1
Host: <bucket>.storage.googleapis.com
Date: <date>
Content-Length: <request body length>
Authorization: <authentication string>

Response headers

The request can return a variety of response headers depending on the request headers you use.

Response body elements

The following response body elements are applicable only if you use the cors query string parameter to get the bucket's CORS configuration.

Element	Description
`CorsConfig`	Container for one or more Cors configuration containers. If you specify multiple Cors configurations, be aware that the Cors configurations will be evaluated in the order listed within the CorsConfig container, with the first Cors configuration matching the Origin and Method of the request used to determine any CORS response headers to add to the response.
`Cors`	Container for a CORS configuration to be applied to the bucket. You can specify multiple Origins and multiple Methods in each Cors container. There will be a match if the request Origin matches any of the Origins in the Cors container and the request Method matches any of the Methods in the Cors container.
`Origins`	Container for the origins permitted for cross origin resource sharing with this Cloud Storage.
`Origin`	An Origin permitted for cross origin resource sharing with this Cloud Storage bucket. For example, `http://origin1.example.com`.
`Methods`	Container for one or more HTTP Method elements, specifying the methods supported by this CORS configuration.
`Method`	An HTTP method supported in this configuration. Valid values are GET, HEAD, PUT, POST, and DELETE.
`ResponseHeaders`	Optional container for one or more ResponseHeader elements.
`ResponseHeader`	Specifies a response header that the user agent is permitted to share across origins.
`MaxAgeSec`	A value indicating the number of seconds that the user agent is permitted to cache the response. This element is optional; if omitted, the service uses a default value. If specified more than once, the last element is silently accepted. The value is returned in the Access-Control-Max-Age header in responses to preflight requests.

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated September 18, 2019.