options method
Written by
Updated at March 6, 2023
Checks whether a CORS request to an object can be made.
Request
OPTIONS /{bucket}/{key} HTTP/2
Path parameters
Parameter | Description |
---|---|
bucket |
Bucket name. |
key |
Object key. ID for saving the object in Object Storage. |
Headers
Header | Description |
---|---|
Origin |
Request source domain. For instance, http://www.example.com .Mandatory. |
Access-Control-Request-Method |
HTTP method to be used to send a request to a resource. Mandatory. |
Access-Control-Request-Headers |
List of headers to be sent in a subsequent request to the object. Headers are separated by commas. Optional. |
You should also use the necessary common request headers
Response
Headers
In addition to common response headers, responses may contain:
Header | Description |
---|---|
Access-Control-Allow-Origin |
The domain that was passed in the Origin request header.If the CORS configuration has the AllowedOrigin element set to * , then the Access-Control-Allow-Origin header value will also be * .If access from the domain is not allowed, Object Storage returns error 403 and all Access-Control-* headers are missing. |
Access-Control-Max-Age |
Allowed response caching time (in seconds). |
Access-Control-Allow-Methods |
Allowed request methods. If there aren't any allowed methods, Object Storage returns a 403 error and all Access-Control-* headers are missing. |
Access-Control-Allow-Headers |
List of HTTP headers that can be used in a subsequent request to the object. If there are no headers allowed, this header is not included in a response. |
Access-Control-Expose-Headers |
List of HTTP headers that the JavaScript client receives. |
Response codes
The method returns:
- 200: if requests to the object are allowed.
- 403: if requests to the object aren't allowed.
For a detailed description of response codes, see Responses.