OPTIONS Bucket¶
OPTIONS refers to pre-requests that are sent to servers by clients. Generally, you can use these requests to check whether clients have permission to perform operations on servers. Only after a pre-request is returned successfully, clients start to execute the follow-up requests.
OBS allows buckets to store static web resources. The buckets of OBS can serve as website resources if the buckets are properly used. In this scenario, buckets in OBS serve as servers to process OPTIONS pre-requests from clients.
OBS can process OPTIONS pre-requests only after CORS is configured for buckets in OBS. For details about CORS, see section PUT Bucket CORS.
Request Syntax¶
OPTIONS / HTTP/1.1
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method
Request Parameters¶
This request involves no parameters.
Request Headers¶
Table 1 lists the request headers.
Header | Description | Remarks |
|---|---|---|
Origin | Indicates an origin specified by a pre-request. Generally, it is a domain name. Type: String | Mandatory |
Access-Control-Request-Method | Indicates an HTTP method that can be used by a request. The request can use multiple method headers. Type: String Valid values: GET, PUT, HEAD, POST, and DELETE | Mandatory |
Access-Control-Request-Headers | Indicates the HTTP headers of a request. The request can use multiple HTTP headers. Type: String | Optional |
x-amz-security-token | Header field used to identify the request of a federated user. When the federal authentication function is enabled, users sending such requests are identified as federated users. Type: string | Optional. This parameter must be carried in the request sent by federated users. |
Request Elements¶
This request involves no elements.
Response Syntax¶
HTTP/1.1 status_code
x-amz-request-id: request id
x-amz-id-2: id
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: seconds
Access-Control-Expose-Headers: header
Date: date
Content-Length: length
Response Headers¶
Table 2 lists the response headers.
Header | Description |
|---|---|
Access-Control-Allow-Origin | If the origin of a request meets server CORS configuration requirements, the response contains the origin. Type: String |
Access-Control-Allow-Headers | If the headers of a request meet server CORS configuration requirements, the response contains the headers. Type: String |
Access-Control-Max-Age | Indicates MaxAgeSeconds in the CORS configuration of a server. Type: Integer |
Access-Control-Allow-Methods | If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule. Type: String Valid values: GET, PUT, HEAD, POST, and DELETE |
Access-Control-Expose-Headers | Indicates ExposeHeader in the CORS configuration of a server. Type: String |
Response Elements¶
This response involves no elements.
Error Responses¶
For details about other errors, see Table 1. In addition, this response also may contain special errors, as described in Table 3.
Error Code | Description | HTTP Status Code |
|---|---|---|
Bad Request | Invalid Access-Control-Request-Method: null When CORS and OPTIONS are configured for a bucket, no method header is added. | 400 Bad Request |
Bad Request | Insufficient information. Origin request header needed. When CORS and OPTIONS are configured for a bucket, no origin header is added. | 400 Bad Request |
AccessForbidden | CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec. When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule. | 403 Forbidden |
Sample Request¶
OPTIONS / HTTP/1.1
User-Agent: curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8{ zlib/1.2.3 libidn/1.10
Host: bucketname.obs.example.com
Accept: */*
Date: Tue, 28 Apr 2015 12:43:15 +0000
Authorization: AWS D13E0C94E722DD69423C:02VOjl2Z5B7mUd+G6zr0Dql5CW8=
Origin:www.example.com
Access-Control-Request-Method:HEAD
Access-Control-Request-Headers:acc_header_1
Access-Control-Request-Headers:acc_header_2
Sample Response¶
HTTP/1.1 200 OK
x-amz-request-id: 0350FC4D73DDA0D3A6FC2CBE01A7943A
x-amz-id-2: ANHl/5gbYTwbfQat5+QZpWdnuE5DV83RXCyGZgBrbDVzVtdtGkqb9ZOepAX3Yr/z
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT
Access-Control-Allow-Headers: acc_header_1,acc_header_2
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: exp_header_1
Date: Tue, 28 Apr 2015 12:45:34 GMT
Content-Length: 0