OPTIONS Object

Last updated:2021-06-15 20:56:34

Description

A browser can send a preflight request to KS3 to check whether it can send a CORS request that contains a specified origin, HTTP method, and request headers.

KS3 supports CORS by allowing you to configure CORS rules for your buckets. After you send a preflight request, KS3 checks whether the request matches a specified rule.

If the request does not match any rules, KS3 returns a 403 Forbidden response.

Request

Request syntax

OPTIONS /{ObjectName} HTTP/1.1
Host: {BucketName}.{endpoint}
Origin: {Origin}
Access-Control-Request-Method: {HTTPMethod}
Access-Control-Request-Headers: {RequestHeader}

References:

Request parameters

No request parameter is used.

Request headers

This operation supports all common request headers. For more information, see Public Request Header.

Parameter Description Required
Origin The origin of the CORS request to KS3, such as http://www.example.com.
Type: String
Default value: none
Yes
Access-Control-Request-Method The HTTP method used for sending the CORS request.
Type: String
Default value: none
Yes
Access-Control-Request-Headers A list of headers that are sent in the actual CORS request. Headers are separated with commas (,).
Type: String
Default value: none
No

Request body

No request body is used.

Response

Response headers

This operation supports all common response headers. For more information, see Public Response Header.

Parameter Description
Access-Control-Allow-Origin The origin in the actual request. If the origin is not allowed, KS3 does not include this header in the response.
Type: String
Access-Control-Max-Age The period of time in seconds that the results of the preflight request can be cached.
Type: String
Access-Control-Allow-Methods The HTTP method that was sent in the original request. If the method is not allowed, KS3 does not include this header in the response.
Type: String
Access-Control-Allow-Headers The list of HTTP headers that the browser can send in the actual request. Headers are separated with commas (,). If any of the headers is not allowed, KS3 does not include this header in the response, and the response does not contain any header that contains the Access-Control prefix.
Type: String
Access-Control-Expose-Headers The list of HTTP headers, where headers are separated with commas (,). In response to the actual request, the JavaScript client is allowed to access these headers.
Type: String

Response body

No response body is returned.

Examples

Sample request

OPTIONS /my-image.jpg HTTP/1.1
Host: ks3-example.ks3-cn-beijing.ksyun.com
Origin: http://www.example.com
Access-Control-Request-Method: PUT

Sample response

HTTP/1.1 200 OK
Date: Wed, 21 Aug 2012 23:09:55 GMT
Etag: "1f1a1af1f1111111111111c11aed1da1"
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Methods: PUT
Access-Control-Expose-Headers: x-kss-request-id
Content-Length: 0
Server: Tengine

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈