OPTIONS Object

Origin

Origin of the cross-domain request specified by the pre-request. Generally, it is a domain name set in CORS.

Type: string

Yes

Access-Control-Request-Method

Indicates an HTTP method that can be used by a request. The request can use multiple method headers.

Type: string

Value options: GET, PUT, HEAD, POST, DELETE

Yes

Access-Control-Request-Headers

Indicates the HTTP headers of a request. The request can use multiple HTTP headers.

Type: string

No

Access-Control-Allow-Origin

If the origin of a request meets server CORS configuration requirements, the response contains the origin.

Type: string

Access-Control-Allow-Headers

If the headers of a request meet server CORS configuration requirements, the response contains the headers.

Type: string

Access-Control-Max-Age

Value of MaxAgeSeconds in the CORS configuration of a server.

Type: integer

Access-Control-Allow-Methods

If the Access-Control-Request-Method of a request meets server CORS configuration requirements, the response contains the methods in the rule.

Type: string

Value options: GET, PUT, HEAD, POST, DELETE

Access-Control-Expose-Headers

Indicates ExposeHeader in the CORS configuration of a server.

Type: string

Bad Request

Invalid Access-Control-Request-Method: null

When CORS and OPTIONS are configured for a bucket, no method header is added.

400 BadRequest

Bad Request

Insufficient information. Origin request header needed.

When CORS and OPTIONS are configured for a bucket, no origin header is added.

400 BadRequest

AccessForbidden

CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method/Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec.

When CORS and OPTIONS are configured for a bucket, origin, method, and headers do not match any rule.

403 Forbidden