OPTIONS Object¶
For details, see section OPTIONS Bucket.
Request Syntax¶
OPTIONS /object HTTP/1.1
User-Agent: agent
Host: bucketname.obs.example.com
Accept: */*
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method
Request Parameters¶
This request involves no parameters.
Request Headers¶
Table 1 lists the request headers.
Header | Description | Remarks |
|---|---|---|
Origin | Indicates an origin specified by a pre-request. Generally, it is a domain name. Type: String | Mandatory |
Access-Control-Request-Method | Indicates an HTTP method that can be used by a request. The request can use multiple method headers. Type: String Valid values: GET, PUT, HEAD, POST, and DELETE | Mandatory |
Access-Control-Request-Headers | Indicates the HTTP headers of a request. The request can use multiple HTTP headers. Type: String | Optional |
x-amz-security-token | Header field used to identify the request of a federated user. When the federal authentication function is enabled, users sending such requests are identified as federated users. Type: string | Optional. This parameter must be carried in the request sent by federated users. |
Request Elements¶
This request involves no elements.
Response Syntax¶
HTTP/1.1 status_code
Server: server
x-amz-request-id: request id
x-amz-id-2: id
Content-Type: type
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: seconds
Access-Control-Expose-Headers: header
Date: date
Content-Length: length
Response Headers¶
Table 2 lists the request headers.
Header | Description |
|---|---|
Access-Control-Allow-Origin | If the origin of a request meets server CORS configuration requirements, the response contains the origin. Type: String |
Access-Control-Allow-Headers | If the headers of a request meet server CORS configuration requirements, the response contains the headers. Type: String |
Access-Control-Max-Age | Indicates MaxAgeSeconds in the CORS configuration of a server. Type: Integer |
Access-Control-Allow-Methods | If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule. Type: String Valid values: GET, PUT, HEAD, POST, and DELETE |
Access-Control-Expose-Headers | Indicates ExposeHeader in the CORS configuration of a server. Type: String |
Response Elements¶
This response involves no elements.
Error Responses¶
Table 3 describes possible special errors in the request.
Error Code | Description | HTTP Status Code |
|---|---|---|
Bad Request | Invalid Access-Control-Request-Method: null When CORS and OPTIONS are configured for a bucket, no method header is added. | 400 Bad Request |
Bad Request | Insufficient information. Origin request header needed. When CORS and OPTIONS are configured for a bucket, no origin header is added. | 400 Bad Request |
AccessForbidden | CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec. When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule. | 403 Forbidden |
For details about other errors, see Table 1.
Sample Request¶
OPTIONS /object HTTP/1.1
User-Agent: curl/7.19.0 (x86_64-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8{ zlib/1.2.3 libidn/1.10
Host: bucketname.obs.example.com
Accept: */*
Date: Tue, 28 Apr 2015 12:44:17 +0000
Authorization: AWS D13E0C94E722DD69423C:9U2ZGZebzPsbjsbxd6Qx1552LCI=
Origin:www.example.com
Access-Control-Request-Method:HEAD
Access-Control-Request-Headers:acc_header_1
Access-Control-Request-Headers:acc_header_2
Sample Response¶
HTTP/1.1 200 OK
Server: OBS
x-amz-request-id: EB916A17C4CA9863E10CB3875D12D921
x-amz-id-2: xuXo/62YzJOvNjQ3179xVyqlTSY8cWbI/EBDbKmhEoqdvKw7bU4KwFzeBX9oq212
x-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Content-Type: text/xml
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT
Access-Control-Allow-Headers: acc_header_1,acc_header_2
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: exp_header_1
Date: Tue, 28 Apr 2015 12:46:56 GMT
Content-Length: 0