OPTIONS Bucket

OPTIONS refers to pre-requests that are sent to servers by clients. Generally, you can use these requests to check whether clients have permissions to perform operations on servers. Only after a pre-request is returned successfully, clients start to execute the follow-up requests.

OBS allows buckets to store static web resources. The buckets of OBS can serve as website resources if the buckets are properly used. In this scenario, buckets in OBS serve as servers to process OPTIONS pre-requests from clients.

OBS can process OPTIONS pre-requests only after CORS is configured for buckets in OBS. For details about CORS, see PUT Bucket CORS.

Request Syntax

OPTIONS / HTTP/1.1
Host: bucketname.obs.cn-north-1.myhwclouds.com
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method

Request Parameters

This request contains no parameter.

Request Headers

Table 1 lists the request headers.

Table 1 OPTIONS request headers

Header

Description

Required or Optional

Origin

Indicates an origin specified by a pre-request. Generally, it is a domain name.

Type: String

Required

Access-Control-Request-Method

Indicates an HTTP method that can be used by a request. The request can use multiple method headers.

Type: String

Valid values: GET, PUT, HEAD, POST, and DELETE

Required

Access-Control-Request-Headers

Indicates the HTTP headers of a request. The request can use multiple HTTP headers.

Type: String

Optional

Request Elements

This request contains no element.

Response Syntax

HTTP/1.1 status_code
Content-Type: application/xml
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: time
Access-Control-Expose-Headers: header
Date: date
Content-Length: length

Response Headers

Table 2 lists the response headers.

Table 2 CORS response headers

Header

Description

Access-Control-Allow-Origin

If the origin of a request meets server CORS configuration requirements, the response contains the origin.

Type: string

Access-Control-Allow-Headers

If the headers of a request meet server CORS configuration requirements, the response contains the headers.

Type: string

Access-Control-Max-Age

Indicates MaxAgeSeconds in the CORS configuration of a server.

Type: integer

Access-Control-Allow-Methods

If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule.

Type: string

Valid values: GET, PUT, HEAD, POST, and DELETE

Access-Control-Expose-Headers

Indicates ExposeHeader in the CORS configuration of a server.

Type: string

Response Elements

This response contains no element.

Error Responses

Table 3 describes possible special errors in the request.

Table 3 Special errors

Error Code

Description

HTTP Status Code

Bad Request

Invalid Access-Control-Request-Method: null

When CORS and OPTIONS are configured for a bucket, no method header is added.

400 BadRequest

Bad Request

Insufficient information. Origin request header needed.

When CORS and OPTIONS are configured for a bucket, no origin header is added.

400 BadRequest

AccessForbidden

CORSResponse: This CORS request is not allowed. This is usually because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Requet-Headers are not whitelisted by the resource's CORS spec.

When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule.

403 Forbidden

For other errors, see Table 1.

Registration