          OPTIONSObject

          Interface Description

          Before sending a cross-origin request, the browser sends a preflight (OPTIONS) request that carries the source origin, the HTTP method, and the header information, so that BOS can decide whether the actual request may be sent. This interface responds to that preflight request.

          Permission Description

          Authentication is not required for the OPTIONSObject operation.

          Request

          • Request syntax

              OPTIONS /<ObjectKey> HTTP/1.1
              Host: <BucketName>.bj.bcebos.com
              Origin: Origin
              Access-Control-Request-Method: HTTPMethod
              Access-Control-Request-Headers: RequestHeader
          • Request parameters

            None

          • Request header field

            | Name | Description | Required? |
            | --- | --- | --- |
            | Origin | Request source field, used to identify the cross-origin request; only one value is allowed. Type: String. Default value: None. | Yes |
            | Access-Control-Request-Method | The method used in the actual request; only one method is allowed. Type: String. The value is one of PUT, GET, DELETE, POST, HEAD; no default value is set. | Yes |
            | Access-Control-Request-Headers | The headers used in the actual request, other than the simple headers. Multiple headers are separated by commas. Type: String. Default value: None. | No |
          • Request element

            None

          Response

          • Response header field

            | Name | Description |
            | --- | --- |
            | Access-Control-Allow-Credentials | Indicates whether the BOS server allows the client to include cookies in the request. It takes effect only when it is allowed by both client and server. When the request passes, BOS returns "Allow", that is, the value true (case-sensitive). |
            | Access-Control-Allow-Headers | List of headers allowed in the request. If any header in the request is not allowed, CORS rule matching fails and the response contains no headers starting with Access-Control-. Multiple headers are separated by commas. Note: Only the headers of this request are returned, even if the configuration file allows more. |
            | Access-Control-Allow-Methods | HTTP methods allowed for the request. If the request is not allowed, the response contains neither this header nor any other Access-Control-* header. Type: String. Note: The full list of allowedMethods is returned, not just the method of this request. |
            | Access-Control-Allow-Origin | The origin contained in the request. If it is not allowed, the response contains neither this header nor any other Access-Control-* header. Type: String. |
            | Access-Control-Expose-Headers | List of headers that the JavaScript program on the requesting side is allowed to access. It corresponds to exposeHeaders in the configuration file. Type: String. |
            | Access-Control-Max-Age | Time, in seconds, for which the browser caches the preflight result. Type: Integer. |
          • Response element

            None

          Considerations

          • When it receives an OPTIONS request, BOS reads the CORS rules configured for the bucket and then checks the corresponding permission. The rules are checked in order: the first matching rule is used to allow the request, and the corresponding headers are returned. If no rule matches, no CORS-related headers are attached.
          • Three conditions must all be met for a CORS rule to match:

            • The origin of the request must match one item of allowedOrigins.
            • The method given in the Access-Control-Request-Method header of the OPTIONS request must match one item of allowedMethods.
            • Each header listed in Access-Control-Request-Headers of the OPTIONS request must match one item of allowedHeaders. If any one of these headers does not match, the rule fails to match as a whole.

          Example

          • Request example

               OPTIONS /object HTTP/1.1
               Host: BucketName.bj.bcebos.com
               Origin: http://www.example.com
               Access-Control-Request-Method: GET
               Access-Control-Request-Headers: x-bce-test
          • Response example

              HTTP/1.1 200 OK
              x-bce-request-id: 4db2b34d-654d-4d8a-b49b-3049ca786409
              Date: Wed, 06 Apr 2016 06:34:40 GMT
              Access-Control-Allow-Origin: http://www.example.com 
              Access-Control-Allow-Methods: GET, HEAD, DELETE 
              Access-Control-Allow-Headers: x-bce-test
              Access-Control-Expose-Headers: user-custom-expose-header
              Access-Control-Max-Age: 3600
              Access-Control-Allow-Credentials: true
              Content-Length: 0
              Server: BceBos
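
The matching procedure from the Considerations section, written out as an added Python example (not BOS's own code) so that a bucket's CORS rules can be checked offline against a given preflight request. Exact string matching of origins and methods, case-insensitive header names, and the maxAgeSeconds key are assumptions; the rule set is constructed.

```python
# Added example, not BOS code. Rule keys follow the page's names; maxAgeSeconds,
# exact origin/method matching and case-insensitive header names are assumptions.

def _split(value):
    """Split a comma-separated header value into trimmed, non-empty items."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def rule_matches(rule, origin, method, req_headers):
    """All three conditions from the page must hold for a rule to match."""
    allowed = {h.lower() for h in rule.get("allowedHeaders", [])}
    return (origin in rule.get("allowedOrigins", [])
            and method in rule.get("allowedMethods", [])
            # One requested header outside allowedHeaders fails the whole rule.
            and all(h.lower() in allowed for h in req_headers))

def evaluate_preflight(rules, request_headers):
    """Return the CORS response headers, or {} when no rule matches."""
    origin = request_headers.get("Origin")
    method = request_headers.get("Access-Control-Request-Method")
    if not origin or not method:  # both are required request headers
        return {}
    req_headers = _split(request_headers.get("Access-Control-Request-Headers"))
    for rule in rules:  # rules are checked in order; the first match wins
        if not rule_matches(rule, origin, method, req_headers):
            continue
        resp = {
            "Access-Control-Allow-Origin": origin,
            # Every method of the rule is listed, not only the requested one.
            "Access-Control-Allow-Methods": ", ".join(rule["allowedMethods"]),
            "Access-Control-Allow-Credentials": "true",
        }
        if req_headers:  # only the headers named in this request
            resp["Access-Control-Allow-Headers"] = ", ".join(req_headers)
        if rule.get("exposeHeaders"):
            resp["Access-Control-Expose-Headers"] = ", ".join(rule["exposeHeaders"])
        if "maxAgeSeconds" in rule:
            resp["Access-Control-Max-Age"] = str(rule["maxAgeSeconds"])
        return resp
    return {}  # no rule matched: no Access-Control-* headers are attached

# Constructed rule set for the page's example origin.
RULES = [
    {"allowedOrigins": ["http://www.example.com"],
     "allowedMethods": ["GET", "HEAD", "DELETE"], "allowedHeaders": ["x-bce-test"],
     "exposeHeaders": ["user-custom-expose-header"], "maxAgeSeconds": 3600},
    {"allowedOrigins": ["http://www.example.com"],
     "allowedMethods": ["PUT"], "allowedHeaders": ["x-bce-test", "content-type"]},
]
```

Feeding it the request example above reproduces the Access-Control-* headers of the response example; adding one header that no rule lists to Access-Control-Request-Headers returns an empty result.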