BucketCorsRule - Amazon Lightsail

BucketCorsRule

Describes a cross-origin resource sharing (CORS) rule for a Lightsail bucket. CORS rules specify which origins are allowed to access the bucket, which HTTP methods are allowed, and other access control information. For more information, see Configuring cross-origin resource sharing (CORS).

Contents

allowedMethods

The HTTP methods that are allowed when accessing the bucket from the specified origin. Each CORS rule must identify at least one origin and one method.

You can use the following HTTP methods:

  • GET - Retrieves data from the server, such as downloading files or viewing content.

  • PUT - Uploads or replaces data on the server, such as uploading new files.

  • POST - Sends data to the server for processing, such as submitting forms or creating new resources.

  • DELETE - Removes data from the server, such as deleting files or resources.

  • HEAD - Retrieves only the headers from the server without the actual content, useful for checking if a resource exists.

Type: Array of strings

Pattern: ^(DELETE|GET|HEAD|POST|PUT)$

Required: Yes

allowedOrigins

One or more origins you want customers to be able to access the bucket from. Each CORS rule must identify at least one origin and one method.

Type: Array of strings

Required: Yes

allowedHeaders

Headers that are specified in the Access-Control-Request-Headers header. These headers are allowed in a preflight OPTIONS request. In response to any preflight OPTIONS request, Amazon S3 returns any requested headers that are allowed.

Type: Array of strings

Required: No

exposeHeaders

One or more headers in the response that you want customers to be able to access from their applications (for example, from a JavaScript XMLHttpRequest object).

Type: Array of strings

Required: No

id

A unique identifier for the CORS rule. The ID value can be up to 255 characters long. The IDs help you find a rule in the configuration.

Type: String

Length Constraints: Maximum length of 255.

Required: No

maxAgeSeconds

The time in seconds that your browser is to cache the preflight response for the specified resource. A CORS rule can have only one maxAgeSeconds element.

Type: Integer

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: