options method
Written by
Updated at March 19, 2025
Checks whether a CORS request to an object can be made.
For more information on getting started with the API and the general request format, see How to use the S3 API.
Request
OPTIONS /{bucket}/{key} HTTP/2
Path parameters
| Parameter | Description |
|---|---|
bucket |
Bucket name. |
key |
Object key. ID for saving the object in Object Storage. |
Headers
| Header | Description |
|---|---|
Origin |
Request source domain. For example, http://www.example.com.It is required. |
Access-Control-Request-Method |
HTTP method for making a request to a resource. It is required. |
Access-Control-Request-Headers |
List of headers to send in a subsequent request to the object. Headers are separated by commas. It is optional. |
Make sure to also use the required common headers.
Response
Headers
In addition to common headers, responses may contain:
| Header | Description |
|---|---|
Access-Control-Allow-Origin |
Domain provided in the Origin header of the request.If the CORS configuration has its AllowedOrigin element set to *, then the Access-Control-Allow-Origin header value will also be *.If access from the domain is denied, Object Storage will return error 403 and there will be no Access-Control-* headers present. |
Access-Control-Max-Age |
Allowed response caching time, in seconds. |
Access-Control-Allow-Methods |
Allowed request methods. If there are no allowed methods, Object Storage will return error 403 and there will be no Access-Control-* headers present. |
Access-Control-Allow-Headers |
List of HTTP headers that can be used in a subsequent request to the object. If there are no headers allowed, this header is not included in a response. |
Access-Control-Expose-Headers |
List of HTTP headers that the JavaScript client receives. |
Response codes
The method returns the following:
- 200: If requests to the object are allowed.
- 403: If requests to the object are not allowed.
For a detailed description of response codes, see Responses.