putBucketCors method
cors configuration for your bucket. If the
configuration exists, Amazon S3 replaces it.
To use this operation, you must be allowed to perform the
s3:PutBucketCORS action. By default, the bucket owner has
this permission and can grant it to others.
You set this configuration on a bucket so that the bucket can service
cross-origin requests. For example, you might want to enable a request
whose origin is http://www.example.com to access your Amazon
S3 bucket at my.example.bucket.com by using the browser's
XMLHttpRequest capability.
To enable cross-origin resource sharing (CORS) on a bucket, you add the
cors subresource to the bucket. The cors
subresource is an XML document in which you configure rules that identify
origins and the HTTP methods that can be executed on your bucket. The
document is limited to 64 KB in size.
When Amazon S3 receives a cross-origin request (or a pre-flight OPTIONS
request) against a bucket, it evaluates the cors
configuration on the bucket and uses the first CORSRule rule
that matches the incoming browser request to enable a cross-origin
request. For a rule to match, the following conditions must be met:
-
The request's
Originheader must matchAllowedOriginelements. -
The request method (for example, GET, PUT, HEAD, and so on) or the
Access-Control-Request-Methodheader in case of a pre-flightOPTIONSrequest must be one of theAllowedMethodelements. -
Every header specified in the
Access-Control-Request-Headersrequest header of a pre-flight request must match anAllowedHeaderelement.
The following operations are related to PutBucketCors:
Parameter bucket :
Specifies the bucket impacted by the corsconfiguration.
Parameter cORSConfiguration :
Describes the cross-origin access configuration for objects in an Amazon
S3 bucket. For more information, see Enabling
Cross-Origin Resource Sharing in the Amazon S3 User Guide.
Parameter checksumAlgorithm :
Indicates the algorithm used to create the checksum for the request when
you use the SDK. This header will not provide any additional functionality
if you don't use the SDK. When you send this header, there must be a
corresponding x-amz-checksum or x-amz-trailer
header sent. Otherwise, Amazon S3 fails the request with the HTTP status
code 400 Bad Request. For more information, see Checking
object integrity in the Amazon S3 User Guide.
If you provide an individual checksum, Amazon S3 ignores any provided
ChecksumAlgorithm parameter.
Parameter contentMD5 :
The Base64 encoded 128-bit MD5 digest of the data. This
header must be used as a message integrity check to verify that the
request body was not corrupted in transit. For more information, go to RFC 1864.
For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.
Parameter expectedBucketOwner :
The account ID of the expected bucket owner. If the account ID that you
provide does not match the actual owner of the bucket, the request fails
with the HTTP status code 403 Forbidden (access denied).
Implementation
Future<void> putBucketCors({
required String bucket,
required CORSConfiguration cORSConfiguration,
ChecksumAlgorithm? checksumAlgorithm,
String? contentMD5,
String? expectedBucketOwner,
}) async {
final headers = <String, String>{
if (checksumAlgorithm != null)
'x-amz-sdk-checksum-algorithm': checksumAlgorithm.value,
if (contentMD5 != null) 'Content-MD5': contentMD5.toString(),
if (expectedBucketOwner != null)
'x-amz-expected-bucket-owner': expectedBucketOwner.toString(),
};
await _protocol.send(
method: 'PUT',
requestUri: '/${Uri.encodeComponent(bucket)}?cors',
headers: headers,
payload: cORSConfiguration.toXml('CORSConfiguration'),
exceptionFnMap: _exceptionFns,
);
}