OPTIONS Object

Functions

For details, see OPTIONS Bucket.

Differences Between OPTIONS Bucket and OPTIONS Object

With the OPTIONS Object, you need to specify an object name in the URL, but an object name is not required with the OPTIONS Bucket, which uses the bucket domain name as the URL. The request lines of the two methods are as follows:

OPTIONS /object HTTP/1.1
OPTIONS / HTTP/1.1

Request Syntax

OPTIONS /object HTTP/1.1
Host: bucketname.obs.region.example.com
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method

Request Parameters

This request contains no message parameters.

Request Headers

Table 1 describes headers used by this request.

Table 1 OPTIONS request headers

Header

Description

Mandatory

Origin

Origin of the cross-domain request specified by the pre-request. Generally, it is a domain name set in CORS.

Type: string

Yes

Access-Control-Request-Method

Indicates an HTTP method that can be used by a request. The request can use multiple method headers.

Type: string

Value options: GET, PUT, HEAD, POST, DELETE

Yes

Access-Control-Request-Headers

Indicates the HTTP headers of a request. The request can use multiple HTTP headers.

Type: string

No

Request Elements

This request involves no elements.

Response Syntax

HTTP/1.1 status_code
Content-Type: type
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: time
Access-Control-Expose-Headers: header
Date: date
Content-Length: length

Response Headers

The request uses the headers described in Table 2.

Table 2 CORS request headers

Header

Description

Access-Control-Allow-Origin

If the origin of a request meets server CORS configuration requirements, the response contains the origin.

Type: string

Access-Control-Allow-Headers

If the headers of a request meet server CORS configuration requirements, the response contains the headers.

Type: string

Access-Control-Max-Age

Value of MaxAgeSeconds in the CORS configuration of a server.

Type: integer

Access-Control-Allow-Methods

If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule.

Type: string

Value options: GET, PUT, HEAD, POST, DELETE

Access-Control-Expose-Headers

Indicates ExposeHeader in the CORS configuration of a server.

Type: string

Response Elements

This response contains no elements.

Error Responses

Table 3 describes possible special errors in the request.

Table 3 Special error

Error Code

Description

HTTP Status Code

Bad Request

Invalid Access-Control-Request-Method: null

When CORS and OPTIONS are configured for a bucket, no method header is added.

400 BadRequest

Bad Request

Insufficient information. Origin request header needed.

When CORS and OPTIONS are configured for a bucket, no origin header is added.

400 BadRequest

AccessForbidden

CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method/Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec.

When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule.

403 Forbidden

For other errors, see Table 2.

Sample Request

OPTIONS /object_1 HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.example.com
Accept: */*
Date: WED, 01 Jul 2015 04:02:19 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:bQZG9c2aokAJsHOOkuVBK6cHZZQ=
Origin: www.example.com
Access-Control-Request-Method: PUT

Sample Response

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643632D12EFCE1C1294555
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT,DELETE
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: ExposeHeader_1,ExposeHeader_2
Access-Control-Allow-Credentials: true
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS+DXV4zZetbTqFehhEcuXywTa/mi3T3
Date: WED, 01 Jul 2015 04:02:19 GMT
Content-Length: 0