Cross-origin resource sharing (CORS) is to request resources over HTTP from a domain for another domain. Two origins that differ in protocol, domain name, or port are treated as different origins. To enable cross-origin access, see Setting Cross-Origin Access or the best practice documentation Setting Cross-Origin Access.
If your access request is denied, troubleshoot the issue as follows:
Set the origin to
* when configuring CORS. For more information, see the best practice documentation Setting Cross-Origin Access.
ETagto CORS ExposeHeader setting." occurs during an upload operation?
Configure the CORS rule as shown below and try using a different browser to test whether it works. For more information, see Setting Cross-Origin Access.
If you are using a CDN acceleration domain name, configure CORS in the CDN console. For operation details, see HTTP Response Header.
The console supports fuzzy match of second-level domain names.
Troubleshoot the issue as follows:
curl -Lvo /dev/null "<object address="">" -H "origin:<domain name="">", for example,
curl -Lvo /dev/null "https://bucketname-1250000000.cos.ap-guangzhou.myqcloud.com/test.png" -H "origin:https://www.baidu.com". If the status code 200 is returned, the CORS rules are effective. In that case, clear the browser cache and try again.
max-age=0in the CORS rules.
CORS rules support IP addresses. For more information, see Setting Cross-Origin Resource Sharing (CORS).
Enable CORS in the CDN console. For operation details, see HTTP Response Header.
Check whether CORS is configured properly. If yes, we recommend that you clear the browser cache and try again. If the problem persists, try to configure
max-age=0 in the CORS rules. For CORS configuration details, see Setting Cross-Origin Access.