OPTIONS Bucket¶
Functions¶
OPTIONS refers to pre-requests that are sent to servers by clients. Generally, the requests are used to check whether clients have permissions to perform operations on servers. Only after a pre-request is returned successfully, clients start to execute the follow-up requests.
OBS allows static web resources to be stored in buckets with appropriate configurations. In this scenario, buckets in the OBS serve as servers to process OPTIONS pre-requests from clients.
OBS can process OPTIONS pre-requests only after CORS is configured for buckets in OBS. For details about CORS, see Configuring Bucket CORS.
Differences Between OPTIONS Bucket and OPTIONS Object¶
With the OPTIONS Object, you need to specify an object name in the URL, but an object name is not required with the OPTIONS Bucket, which uses the bucket domain name as the URL. The request lines of the two methods are as follows:
OPTIONS /object HTTP/1.1
OPTIONS / HTTP/1.1
Request Syntax¶
OPTIONS / HTTP/1.1
Host: bucketname.obs.region.example.com
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method
Request Parameters¶
This request contains no message parameters.
Request Headers¶
This request uses the headers described in Table 1.
Header | Description | Mandatory |
|---|---|---|
Origin | Origin of the cross-domain request specified by the pre-request. Generally, it is a domain name set in CORS. Type: string | Yes |
Access-Control-Request-Method | An HTTP method that can be used by a request. The request can use multiple method headers. Type: string Value options: GET, PUT, HEAD, POST, DELETE | Yes |
Access-Control-Request-Headers | HTTP headers of a request. The request can use multiple HTTP headers. Type: string | No |
Request Elements¶
This request involves no elements.
Response Syntax¶
HTTP/1.1 status_code
Content-Type: application/xml
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: time
Access-Control-Expose-Headers: header
Date: date
Content-Length: length
Response Headers¶
The response uses the following headers as described in Table 2.
Header | Description |
|---|---|
Access-Control-Allow-Origin | If the origin of a request meets server CORS configuration requirements, the response contains the origin. Type: string |
Access-Control-Allow-Headers | If the headers of a request meet server CORS configuration requirements, the response contains the headers. Type: string |
Access-Control-Max-Age | Value of MaxAgeSeconds in the CORS configuration of a server Type: integer |
Access-Control-Allow-Methods | If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule. Type: string Value options: GET, PUT, HEAD, POST, DELETE |
Access-Control-Expose-Headers | Value of ExposeHeader in the CORS configuration of a server Type: string |
Response Elements¶
This response contains no elements.
Error Responses¶
Table 3 describes possible special errors in the request.
Error Code | Description | HTTP Status Code |
|---|---|---|
Bad Request | Invalid Access-Control-Request-Method: null When CORS and OPTIONS are configured for a bucket, no method header is added. | 400 BadRequest |
Bad Request | Insufficient information. Origin request header needed. When CORS and OPTIONS are configured for a bucket, no origin header is added. | 400 BadRequest |
AccessForbidden | CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS specification. When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule. | 403 Forbidden |
For other errors, see Table 2.
Sample Request¶
OPTIONS / HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.example.com
Accept: */*
Date: WED, 01 Jul 2015 04:02:15 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:7RqP1vjemo6U+Adv9/Y6eGzWrzA=
Origin: www.example.com
Access-Control-Request-Method: PUT
Sample Response¶
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF260000016436314E8FF936946DBC9C
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT,DELETE
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: ExposeHeader_1,ExposeHeader_2
Access-Control-Allow-Credentials: true
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCTlYimJvOyJncCLNm5y/iz6MAGLNxTuS
Date: WED, 01 Jul 2015 04:02:15 GMT
Content-Length: 0