Functions

Differences Between OPTIONS Bucket and OPTIONS Object

With the OPTIONS Object, you need to specify an object name in the URL, but an object name is not required with the OPTIONS Bucket, which uses the bucket domain name as the URL. The request lines of the two methods are as follows:

OPTIONS /object HTTP/1.1

OPTIONS / HTTP/1.1

Request Syntax

OPTIONS /object HTTP/1.1 
Host: bucketname.obs.region.example.com
Date: date
Authorization: authorization
Origin: origin
Access-Control-Request-Method: method

Request Parameters

This request contains no message parameters.

Request Headers

Table 1 describes headers used by this request.

**Table 1** OPTIONS request headers
Header	Description	Mandatory
Origin	Origin of the cross-domain request specified by the pre-request. Generally, it is a domain name set in CORS. Type: string	Yes
Access-Control-Request-Method	Indicates an HTTP method that can be used by a request. The request can use multiple method headers. Type: string Value options: GET, PUT, HEAD, POST, DELETE	Yes
Access-Control-Request-Headers	Indicates the HTTP headers of a request. The request can use multiple HTTP headers. Type: string	No

Request Elements

This request involves no elements.

Response Syntax

HTTP/1.1 status_code
Content-Type: type
Access-Control-Allow-Origin: origin
Access-Control-Allow-Methods: method
Access-Control-Allow-Header: header
Access-Control-Max-Age: time
Access-Control-Expose-Headers: header
Date: date
Content-Length: length

Response Headers

The request uses the headers described in Table 2.

**Table 2** CORS request headers
Header	Description
Access-Control-Allow-Origin	If the origin of a request meets server CORS configuration requirements, the response contains the origin. Type: string
Access-Control-Allow-Headers	If the headers of a request meet server CORS configuration requirements, the response contains the headers. Type: string
Access-Control-Max-Age	Value of MaxAgeSeconds in the CORS configuration of a server. Type: integer
Access-Control-Allow-Methods	If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule. Type: string Value options: GET, PUT, HEAD, POST, DELETE
Access-Control-Expose-Headers	Indicates ExposeHeader in the CORS configuration of a server. Type: string

Response Elements

This response contains no elements.

Error Responses

Table 3 describes possible special errors in the request.

**Table 3** Special error
Error Code	Description	HTTP Status Code
Bad Request	Invalid Access-Control-Request-Method: null When CORS and OPTIONS are configured for a bucket, no method header is added.	400 BadRequest
Bad Request	Insufficient information. Origin request header needed. When CORS and OPTIONS are configured for a bucket, no origin header is added.	400 BadRequest
AccessForbidden	CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method/Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec. When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule.	403 Forbidden

For other errors, see Table 2.

Sample Request

OPTIONS /object_1 HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.region.example.com
Accept: */*
Date: WED, 01 Jul 2015 04:02:19 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:bQZG9c2aokAJsHOOkuVBK6cHZZQ=
Origin: www.example.com
Access-Control-Request-Method: PUT

Sample Response

HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BF26000001643632D12EFCE1C1294555
Access-Control-Allow-Origin: www.example.com
Access-Control-Allow-Methods: POST,GET,HEAD,PUT,DELETE
Access-Control-Max-Age: 100
Access-Control-Expose-Headers: ExposeHeader_1,ExposeHeader_2
Access-Control-Allow-Credentials: true
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS+DXV4zZetbTqFehhEcuXywTa/mi3T3
Date: WED, 01 Jul 2015 04:02:19 GMT
Content-Length: 0