Setting Container Metadata

Setting Container ACLs

The ability to read and write objects in a container is governed by the Access Control Lists (ACLs) assigned to the container. Any user with the Service Administrator role can perform this task.

A container has two ACLs, X-Container-Read and X-Container-Write.

The X-Container-Read ACL consists of a comma-separated list of roles or referrer designations. The X-Container-Write ACL consists of a comma-separated list of roles.

  • The roles can be built-in roles or custom roles. Custom roles are defined in the Users tab in the My Services page.
    • For a role that was provisioned as part of another service instance, the format is domainName.serviceName.roleName
    • For a custom role, the format is domainName.roleName
  • A referrer designation indicates the host (or hosts) for which read access to the container should be allowed or denied. When the server receives a request for the container, it compares the referrer designations specified in the X-Container-Read ACL with the value of the Referer header in the request, and determines whether access should be allowed or denied. The syntax of the referrer designation is: .r:value
    • value indicates the host for which access to the container should be allowed. It can be a specific host name (example: .r:www.example.com), a domain (example: .r:.example.com), or an asterisk (.r:*) to indicate all hosts. Note that if .r:* is specified, objects in the container will be publicly readable without authentication.
    • A minus sign (-) before value (example: .r:-temp.example.com) indicates that the host specified in the value field must be denied access to the container.
    • By default, read access to a container does not include permission to list the objects in the container. To allow listing of objects as well, include the .rlistings directive in the ACL (example: .r:*,.rlistings).

You can create custom roles only for a traditional Cloud account. See Adding a Custom Role in Managing and Monitoring Oracle Cloud.

For cloud accounts with Identity Cloud Service, see Managing Oracle Identity Cloud Service Users.

You can set container ACLs by using the following interfaces:
Interface Resources

Web Console

(Not available on Oracle Cloud at Customer)

See Setting Container ACLs Using the Web Console.

RESTful API

See Create, update, or delete container metadata in REST API for Standard Storage in Oracle Cloud Infrastructure Object Storage Classic.

Java Library

See setContainerAcl in Java API Reference for Oracle Cloud Infrastructure Object Storage Classic.

File Transfer Manager API

See setWriteAcl() in Java API Reference for Oracle Cloud Infrastructure Object Storage Classic File Transfer Manager.

Setting Container ACLs Using the Web Console

(Not available on Oracle Cloud at Customer)
  1. Sign in to the Oracle Cloud Infrastructure Object Storage Classic console.

    The list of containers is displayed.

  2. Select the container for which you would like to set the read/write access.
  3. Expand Container Information.

    The details of the container are displayed.

  4. Click Edit.

    Look for Permissions under Container Properties.

  5. Click Add Role.
  6. Enter the desired value in the empty field.
    By default, the following ACLs are set:
    • Storage_ReadWriteGroup to provide both read and write access to a user.

    • Storage_ReadOnlyGroup to provide read only access to a user

  7. Click Save.

Setting Container ACLs Using the REST API

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     –H "X-Container-Read: item[,item...]" \
     –H "X-Container-Write: item[,item...]" accountURL/containerName

Note:

When you send a REST API request to Oracle Cloud Infrastructure Object Storage Classic, all non-ASCII characters in container names, object names and metadata values must be URL-encoded. For example, my container should be encoded as my%20container, where %20 is the HTML encoding for the space character. Similarly, my Über Container should be encoded as my%20%C3%9Cber%20Container, where %20 represents the space character and %C3%9C is the Ü character.

HTTP Response Codes

cURL Command Examples

Sample Cloud account with the following details:
  • IDCS GUID: idcs-b75f75ed2528447fb59a798c1f08a38d (for a sample IDCS account)
  • Account name: acme (for a sample IDCS or traditional account)
  • REST Endpoint URL for the sample account: https://acme.storage.oraclecloud.com/v1/Storage-acme
  • REST Endpoint (Permanent) URL for the sample account: https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365

    Note:

    The REST Endpoint (Permanent) URL is displayed for the accounts created after November 2017.
The following commands set up ACLs for the container named FirstContainer:
  • Provide write access for any user with the predefined role, Storage_ReadWriteGroup and the custom role, myCustomRole:
    • Using the REST Endpoint URL obtained from the REST Endpoint field in the My Services dashboard:
      curl -v -X POST \
              -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
              -H "X-Container-Write: myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole" \
              https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer
      
      The following is an example of the output of this command:
      > POST /v1/Storage-acme/FirstContainer HTTP/1.1
      > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
      > Host: acme.storage.oraclecloud.com
      > Accept: */*
      > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
      > X-Container-Write:Storage-acme.Storage.Storage_ReadWriteGroup,Storage-acme.myCustomRole
      >
      < HTTP/1.1 204 No Content
      < Date: Fri, 06 Mar 2015 11:19:21 GMT
      < Content-Length: 0
      < Content-Type: text/html; charset=UTF-8
      < X-Trans-Id: txbf2c736d57494bf88e76a-0054f98d39
      < Cache-Control: no-cache
      < Pragma: no-cache
      < Content-Language: en
      
  • Using the Service Permanent REST Endpoint URL obtained from the REST Endpoint (Permanent) field in the My Services dashboard:

    Note:

    This cURL command example applies to the accounts created after November 2017.
    curl -v -X POST \
            -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
            -H "X-Container-Write: myDomain.Storage.Storage_ReadWriteGroup,myDomain.myCustomRole" \
            https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer
    
    The following is an example of the output of this command:
    > POST /v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Write:Storage-7b16fede61e1417ab83eb52e06f0e365.Storage.Storage_ReadWriteGroup,Storage-7b16fede61e1417ab83eb52e06f0e365.myCustomRole
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:19:21 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txbf2c736d57494bf88e76a-0054f98d39
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    
  • Provide read access for all hosts and also allow listing of the objects in the container:
    • Using the REST Endpoint URL obtained from the REST Endpoint field in the My Services dashboard:
      curl -v -X POST \
           -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
           -H "X-Container-Read: .r:*,.rlistings" \
           https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer
      

      The following is an example of the output of this command:

      > POST /v1/Storage-acme/FirstContainer HTTP/1.1
      > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
      > Host: acme.storage.oraclecloud.com
      > Accept: */*
      > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
      > X-Container-Read: .r:*,.rlistings
      >
      < HTTP/1.1 204 No Content
      < Date: Fri, 06 Mar 2015 11:23:16 GMT
      < Content-Length: 0
      < Content-Type: text/html; charset=UTF-8
      < X-Trans-Id: tx9127a70f18144c17afce5-0054f98e24
      < Cache-Control: no-cache
      < Pragma: no-cache
      < Content-Language: en
      0
    • Using the Service Permanent REST Endpoint URL obtained from the REST Endpoint (Permanent) field in the My Services dashboard:

      Note:

      This cURL command example applies to the accounts created after November 2017.
      curl -v -X POST \
           -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
           -H "X-Container-Read: .r:*,.rlistings" \
           https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer
      

      The following is an example of the output of this command:

      > POST /v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer HTTP/1.1
      > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
      > Host: acme.storage.oraclecloud.com
      > Accept: */*
      > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
      > X-Container-Read: .r:*,.rlistings
      >
      < HTTP/1.1 204 No Content
      < Date: Fri, 06 Mar 2015 11:23:16 GMT
      < Content-Length: 0
      < Content-Type: text/html; charset=UTF-8
      < X-Trans-Id: tx9127a70f18144c17afce5-0054f98e24
      < Cache-Control: no-cache
      < Pragma: no-cache
      < Content-Language: en
      0

Setting Container Quotas

For each container, you can set quotas for the maximum number of bytes the container can contain (X-Container-Meta-Quota-Bytes) and the maximum number of objects the container can contain (X-Container-Meta-Quota-Count).

Any user with the Service Administrator role can perform this task.

You can set container quotas by using the following interfaces:
Interface Resources

RESTful API

See Create, update, or delete container metadata in REST API for Standard Storage in Oracle Cloud Infrastructure Object Storage Classic.

File Transfer Manager CLI

See setQuotaBytes()in Command-Line Reference for Oracle Cloud Infrastructure Object Storage Classic.

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Container-Meta-Quota-Bytes: maxBytes" \
     -H "X-Container-Meta-Quota-Count: maxObjects" accountURL/containerName

Note:

When you send a REST API request to Oracle Cloud Infrastructure Object Storage Classic, all non-ASCII characters in container names, object names and metadata values must be URL-encoded. For example, my container should be encoded as my%20container, where %20 is the HTML encoding for the space character. Similarly, my Über Container should be encoded as my%20%C3%9Cber%20Container, where %20 represents the space character and %C3%9C is the Ü character.

HTTP Response Codes

For information about getting container quota, see Getting Container Metadata.

cURL Command Examples

Sample Cloud account with the following details:
  • Account name: acme
  • REST Endpoint URL: https://acme.storage.oraclecloud.com/v1/Storage-acme
  • REST Endpoint (Permanent) URL: https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365

    Note:

    The REST Endpoint (Permanent) URL is displayed for the accounts created after November 2017.
  • Using the REST Endpoint URL obtained from the REST Endpoint field in the My Services dashboard:
    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Quota-Bytes: 10737418240" \
         -H "X-Container-Meta-Quota-Count: 100" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer
    

    This command sets a quota of 10737418240 bytes (10 GB) and 100 objects for the container named FirstContainer. The following is an example of the output of this command:

    > POST /v1/Storage-acme/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Meta-Quota-Bytes: 10737418240
    > X-Container-Meta-Quota-Count: 100
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:32:19 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txe8869b3edea348e5b49eb-0054f99043
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    
  • Using the Service Permanent REST Endpoint URL obtained from the REST Endpoint (Permanent) field in the My Services dashboard:
    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Quota-Bytes: 10737418240" \
         -H "X-Container-Meta-Quota-Count: 100" \
         https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer
    

    This command sets a quota of 10737418240 bytes (10 GB) and 100 objects for the container named FirstContainer. The following is an example of the output of this command:

    > POST /v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Meta-Quota-Bytes: 10737418240
    > X-Container-Meta-Quota-Count: 100
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:32:19 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txe8869b3edea348e5b49eb-0054f99043
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    

Setting Custom Metadata for Containers

Custom metadata are arbitrary key-value pairs associated with a container. You may create any custom or arbitrary metadata you need.

Any user with the Service Administrator role can perform this task.

You can set custom metadata for containers by using the following interfaces:
Interface Resources

Web Console

(Not available on Oracle Cloud at Customer)

See Setting Custom Metadata Using the Web Console.

RESTful API

See Create, update, or delete container metadata in REST API for Standard Storage in Oracle Cloud Infrastructure Object Storage Classic.

Java Library

See updateContainerMetadata in Java API Reference for Oracle Cloud Infrastructure Object Storage Classic.

File Transfer Manager CLI

See setCustomMetadata() in Command-Line Reference for Oracle Cloud Infrastructure Object Storage Classic.

Setting Custom Metadata Using the Web Console

(Not available on Oracle Cloud at Customer)
  1. Sign in to the Oracle Cloud Infrastructure Object Storage Classic console.
  2. Select the container for which you would like to set the custom metadata.
  3. Expand Container Information.

    The details of the container are displayed.

  4. Click Edit.

    Look for the Custom Metadata field.

  5. Click Add Metadata.
  6. Enter the metadata name and value in the fields under Add Metadata.

    Note:

    Ensure that the custom metadata name and value comply with the input restrictions mentioned in Character Restrictions.
  7. Click Save.

    The metadata name and value are displayed in the Container Information pane.

Setting Custom Metadata Using the REST API

cURL Command Syntax

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Container-Meta-Name: value" \
     accountURL/containerName

Note:

When you send a REST API request to Oracle Cloud Infrastructure Object Storage Classic, all non-ASCII characters in container names, object names and metadata values must be URL-encoded. For example, my container should be encoded as my%20container, where %20 is the HTML encoding for the space character. Similarly, my Über Container should be encoded as my%20%C3%9Cber%20Container, where %20 represents the space character and %C3%9C is the Ü character.

HTTP Response Codes

cURL Command Examples

Sample Cloud account with the following details:
  • Account name: acme
  • REST Endpoint URL: https://acme.storage.oraclecloud.com/v1/Storage-acme
  • REST Endpoint (Permanent) URL: https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365

    Note:

    The REST Endpoint (Permanent) URL is displayed for the accounts created after November 2017.
  • Using the REST Endpoint URL obtained from the REST Endpoint field in the My Services dashboard:
    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Category: Books" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer
    

    The following is an example of the output of this command:

    > POST /v1/Storage-acme/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Meta-Category: Books
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:35:35 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: tx3e77b77de39f4097a5a49-0054f99107
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    
  • Using the Service Permanent REST Endpoint URL obtained from the REST Endpoint (Permanent) field in the My Services dashboard:

    Note:

    This cURL command example applies to the accounts created after November 2017.
    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Category: Books" \
         https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer
    

    The following is an example of the output of this command:

    > POST /v1/Storage-7b16fede61e1417ab83eb52e06f0e365/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com
    > Accept: */*
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    > X-Container-Meta-Category: Books
    >
    < HTTP/1.1 204 No Content
    < Date: Fri, 06 Mar 2015 11:35:35 GMT
    < Content-Length: 0
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: tx3e77b77de39f4097a5a49-0054f99107
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    

For information about getting custom container metadata, see Getting Container Metadata.

For information about deleting custom container metadata, see Deleting Container Metadata.

Enabling CORS for a Container

Cross-Origin Resource Sharing (CORS) allows browser-based programs (like JavaScript) to access resources in another domain. This enables web applications to access Oracle Cloud Infrastructure Object Storage Classic, overcoming the Same-Origin policy that’s used by browsers to prevent access to resources in other domains.

To enable CORS access for a container, complete the following steps:
  1. Specify the origins from which requests are allowed, by setting the X-Container-Meta-Access-Control-Allow-Origin metadata header.

    cURL Command Syntax

    curl -i -XPOST \
         -H "X-Auth-Token: token" \
         -H "X-Container-Meta-Access-Control-Allow-Origin: origins" \
         accountURL/containerName
    
    • token is the authentication token obtained earlier from Oracle Cloud Infrastructure Object Storage Classic. See Authenticating Access When Using the REST API
    • origins is a space-separated list of the origins from which you want to allow CORS requests to the container
    • containerName is the name of the container for which custom metadata should be created.

    HTTP Response Codes

    Sample Cloud account with the following details:
    • Account name: acme
    • REST Endpoint URL: https://acme.storage.oraclecloud.com/v1/Storage-acme
    • REST Endpoint (Permanent) URL: https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365

      Note:

      The REST Endpoint (Permanent) URL is displayed for the accounts created after November 2017.

    The REST Endpoint URL for the sample Cloud account is used in all the cURL command examples in this section. To use the REST Endpoint (Permanent) URL, replace https://acme.storage.oraclecloud.com/v1/Storage-acme with https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365.

    cURL Command Example

    This example shows how to allow CORS requests from two origins (http://acme-admin.example.com and http://acme-app.example.com) to a container named myContainer.

    curl -i -XPOST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Access-Control-Allow-Origin: http://acme-admin.example.com/ http://acme-app.example.com/" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/myContainer
    

    Note:

    To allow access to the container from any domain, set the X-Container-Meta-Access-Control-Allow-Origin header value to “*”.

    The following is an example of the output of this command:

    < HTTP/1.1 204 No Content
    < X-Trans-Id: tx3e77b77de39f4097a5a49-0054f99107
    < Date: Fri, 06 Mar 2015 11:35:35 GMT
    < Connection: keep-alive
    < X-Last-Modified-Timestamp: 1469879583.18732
    < Content-Type: text/html; charset=UTF-8
    
  2. (Optional) Set the duration that the origins can hold the results of an OPTIONS request, by setting the X-Container-Meta-Access-Control-Max-Age header. Browsers typically send an OPTIONS request first to check whether the origin is allowed to send requests.

    cURL Command Syntax

    curl -i -XPOST \
         -H "X-Auth-Token: token" \
         -H "X-Container-Meta-Access-Control-Max-Age: maxAge" \
         accountURL/containerName
    
    • maxAge is the time (in seconds) for which the results of the OPTIONS request must be valid.

    HTTP Response Codes

    cURL Command Example

    curl -i -XPOST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Access-Control-Max-Age: 10000" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/myContainer
    

    The following is an example of the output of this command:

    < HTTP/1.1 204 No Content
    < X-Trans-Id: txd0af08f8298140c599348-00579c95bdga
    < Date: Fri, 06 Mar 2015 11:35:36 GMT
    < Connection: keep-alive
    < X-Last-Modified-Timestamp: 1469879741.41535
    < Content-Type: text/html; charset=UTF-8
    
  3. (Optional) Specify the response headers that the service should return in response to CORS requests to this container, by setting the X-Container-Meta-Access-Control-Expose-Headers metadata header. If this header is not set explicitly, the response to CORS requests will return the container’s standard metadata along with any CORS metadata headers that're set for the container. To view the list of container’s standard metadata, see Getting Container Metadata.

    cURL Command Syntax

    curl -i -XPOST \
         -H "X-Auth-Token: token" \
         -H "X-Container-Meta-Access-Control-Expose-Headers: headers" \
         accountURL/containerName
    
    • headers is a space-separated list of the headers that the service must return in response to CORS requests to the container.

    HTTP Response Codes

    cURL Command Example

    This example shows how to set up the service to return two headers (X-Container-Object-Count and X-Container-Bytes-Used) in response to CORS requests to the container named myContainer.

    curl -i -XPOST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Container-Meta-Access-Control-Expose-Headers: X-Container-Object-Count X-Container-Bytes-Used" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/myContainer
    

    The following is an example of the output of this command:

    < HTTP/1.1 204 No Content
    < X-Trans-Id: tx3e708ed6834d4ba4bf1cd-00579c95bdga
    < Date: Fri, 06 Mar 2015 11:35:37 GMT
    < Connection: keep-alive
    < X-Last-Modified-Timestamp: 1469879793.38545
    < Content-Type: text/html; charset=UTF-8
    
  4. To verify CORS access, do the following:
    1. Send an OPTIONS request to find out whether requests from your origin are allowed and to get a list of the allowed methods.

      cURL Command Syntax

      curl -i -XOPTIONS \
           -H "X-Auth-Token: token" \
           -H "Origin: myURL" \
           -H "Access-Control-Request-Method: method" \
           accountURL/containerName/objectName
      
      • myURL is the origin of the request.
      • method is type of request you want to make, such as HEAD, GET, PUT, POST or DELETE.
      • objectName is the name of the object you want to access or update.

      HTTP Response Codes

      cURL Command Example

      This example shows how to send OPTIONS request from the origin http://www.example.com for the GET method to an object named myObject in the container named myContainer.

      curl -i -XOPTIONS \
           -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
           -H "Origin: http://www.example.com" \
           -H "Access-Control-Request-Method: GET" \
           https://acme.storage.oraclecloud.com/v1/Storage-acme/myContainer/myObject
      

      The following is an example of the output of this command:

      < HTTP/1.1 200 OK
      < Allow: HEAD, GET, PUT, POST, OPTIONS, DELETE
      < Content-Length: 0
      < Date: Fri, 06 Mar 2015 11:35:38 GMT
      
    2. Send the actual request such as HEAD, GET, PUT, POST or DELETE.

      cURL Command Syntax

      curl -i -Xmethod \
           -H "X-Auth-Token: token" \
           -H "Origin: myURL" \
           accountURL/containerName/objectName
      
      • method is the actual request such as HEAD, GET, PUT, POST or DELETE.
      • objectName is the name of the object which has to be accessed or updated.

      HTTP Response Codes

      cURL Command Example

      This example shows how to send GET request from the origin http://www.example.com to an object named myObject in the container named myContainer.

      curl -i -XGET \
           -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
           -H "Origin: http://www.example.com" \
           https://acme.storage.oraclecloud.com/v1/Storage-acme/myContainer/myObject
      

      The following is an example of the output of this command:

      < HTTP/1.1 200 OK
      < Accept-Ranges: bytes
      < Last-Modified: Fri, 06 Mar 2015 10:35:00 GMT
      < Etag: d41d8cd98f00b204e9800998ecf8427e
      < X-Timestamp: 1469879406.30001
      < X-Trans-Id: tx2a649bebc5d64bdfa8cc6-00579c96daga
      < Date: Fri, 06 Mar 2015 11:35:38 GMT
      < Connection: keep-alive
      < X-Last-Modified-Timestamp: 1469879406.30001
      < Content-Type: application/octet-stream;charset=UTF-8
      < Content-Length: 0
      

Making Objects in a Container Immutable

You can make the objects in your container immutable by setting the Write-Once-Read-Many (WORM) policy for your container to prevent the users from modifying and deleting the objects in the container for a specified duration. The container-level WORM policy applies to all the objects that’re uploaded to the container, unless an object has it’s own object-level WORM policy set during upload.

Once you’ve set a container’s WORM policy, you cannot change it. When the WORM policy expires, you can delete the objects in the container but can’t modify the objects or object metadata. To set the WORM policy for a specific object, see Making an Object Immutable.

You must have the Service Administrator role to set a container’s WORM policy header X-Worm-Expiration-Days.

For information about using the REST API to set the container metadata, see Create, Update, or Delete Container Metadata in REST API for Standard Storage in Oracle Cloud Infrastructure Object Storage Classic.

cURL Command Syntax

To set the WORM policy for an empty container:

curl -v -X POST \
     -H "X-Auth-Token: token" \
     -H "X-Worm-Expiration-Days: period" \
     accountURL/containerName

To set the WORM policy while creating a container:

curl -v -X PUT \
     -H "X-Auth-Token: token" \
     -H "X-Worm-Expiration-Days: period" \
     accountURL/containerName

Note:

When you send a REST API request to Oracle Cloud Infrastructure Object Storage Classic, all non-ASCII characters in container names, object names and metadata values must be URL-encoded. For example, my container should be encoded as my%20container, where %20 is the HTML encoding for the space character. Similarly, my Über Container should be encoded as my%20%C3%9Cber%20Container, where %20 represents the space character and %C3%9C is the Ü character.

HTTP Response Codes

For information about getting container metadata, see Getting Container Metadata.

cURL Command Examples

Sample Cloud account with the following details:
  • Account name: acme
  • REST Endpoint URL: https://acme.storage.oraclecloud.com/v1/Storage-acme
  • REST Endpoint (Permanent) URL: https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365

    Note:

    The REST Endpoint (Permanent) URL is displayed for the accounts created after November 2017.

The REST Endpoint URL for the sample Cloud account is used in all the cURL command examples in this section. To use the REST Endpoint (Permanent) URL, replace https://acme.storage.oraclecloud.com/v1/Storage-acme with https://storage-7b16fede61e1417ab83eb52e06f0e365.storage.oraclecloud.com/v1/Storage-7b16fede61e1417ab83eb52e06f0e365.

  • This command sets the WORM policy of 4 days for the container FirstContainer:

    curl -v -X POST \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Worm-Expiration-Days: 4" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer
    

    The following is an example of the output of this command:

    > POST /v1/Storage-acme/FirstContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > X-Worm-Expiration-Days: 4
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    >
    < HTTP/1.1 204 No Content
    < Date: Tue, 06 Dec 2016 11:32:19 GMT
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txe8869b3edea348e5b49eb-0054f99043
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    
  • This command creates the container SecondContainer and sets the WORM policy of 2 days:

    curl -v -X PUT \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         -H "X-Worm-Expiration-Days: 2" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/SecondContainer
    

    The following is an example of the output of this command:

    > PUT /v1/Storage-acme/SecondContainer HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > X-Worm-Expiration-Days: 2
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    >
    < HTTP/1.1 201 Created
    < Date: Tue, 06 Dec 2016 11:36:24 GMT
    < Content-Type: text/html; charset=UTF-8
    < X-Trans-Id: txe8869b3edea348e5b49eb-0054f99078
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    
  • This command gets the header values of the object ObjectA in the container FirstContainer that already has a WORM policy of 4 days set:

    curl -v -s -X HEAD \
         -H "X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b" \
         https://acme.storage.oraclecloud.com/v1/Storage-acme/FirstContainer/ObjectA
    

    In the following example of the output of this command, the object header X-Worm-Expiration-At is indicating the Epoch expiration time of the WORM policy that is set on the container:

    > HEAD /v1/Storage-acme/FirstContainer/ObjectA HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: acme.storage.oraclecloud.com
    > Accept: */*
    > 
    > X-Auth-Token: AUTH_tkb4fdf39c92e9f62cca9b7c196f8b6e6b
    >
    < HTTP/1.1 200 OK
    < Date: Tue, 06 Dec 2016 11:37:09 GMT
    < X-Worm-Expiration-At: 1481366700
    < Content-Type: text/html; charset=UTF-8
    < X-Timestamp: 1481024229
    < X-Trans-Id: txe8869b3edea348e5b49eb-005417894
    < Cache-Control: no-cache
    < Pragma: no-cache
    < Content-Language: en
    

    Here, the Epoch expiration time 1481366700 corresponds to the date Sat, 10 Dec 2016 11:45:00 GMT which is 4 days from the date Tue, 06 Dec 2016 11:45:00 GMT when the object was uploaded. See http://epochconverter.com.