OptionObject - API Reference| Alibaba Cloud Documentation Center

OptionObject

Edit in GitHub

Last Updated: May 07, 2020 Edit in GitHub

Before a cross-origin request is sent, the browser sends a preflight (OPTIONS) request that includes a specific origin, HTTP method, and header information to OSS to determine whether to send the cross-origin request.

Request syntax

OPTIONS /ObjectName HTTP/1.1
Host: BucketName.oss-cn-hangzhou.aliyuncs.com
Origin:Origin
Access-Control-Request-Method:HTTP method
Access-Control-Request-Headers:Request Headers

Request headers


Header	Type	Description
Origin	String	The origin of the request, used to identify a cross-origin request. Default value: null.
Access-Control-Request-Method	String	The method to use in the cross-origin request. Default value: null.
Access-Control-Request-Headers	String	The request headers, except for standard headers, to use in the cross-origin request. Default value: null.

Response headers


Header	Type	Description
Access-Control-Allow-Origin	String	The origin that is included in the request. If the request is denied, the response does not contain the header.
Access-Control-Allow-Methods	String	The HTTP method of the request. If the request is denied, the response does not contain the header.
Access-Control-Allow-Headers	String	The list of headers included in the request. If the request includes headers that are not allowed, the response does not contain the header and the request is denied.
Access-Control-Expose-Headers	String	The list of header fields that are accessible to JavaScript applications on the client.
Access-Control-Max-Age	Integer	The maximum duration for the browser to cache preflight results. Unit: seconds.

Examples

Sample requests

OPTIONS /testobject HTTP/1.1
Host: oss-example.oss-cn-hangzhou.aliyuncs.com  
Date: Fri, 24 Feb 2012 05:45:34 GMT  
Origin:http://www.example.com
Access-Control-Request-Method:PUT
Access-Control-Request-Headers:x-oss-test

Sample success responses

HTTP/1.1 200 OK 
x-oss-request-id: 5051845BC4689A033D00****
Date: Fri, 24 Feb 2012 05:45:34 GMT
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Methods: PUT
Access-Control-Expose-Headers: x-oss-test
Connection: keep-alive
Content-Length: 0  
Server: AliyunOSS

Error codes


Error code	HTTP status code	Description
Forbidden	403	The error message returned because the access is forbidden. OSS allows you to enable CORS for a bucket by using PutBucketCORS. After CORS is enabled for a bucket, OSS determines whether to allow the preflight request sent from the browser based on the specified CORS rules. If OSS does not allow the request or CORS is disabled for the bucket, 403 Forbidden is returned.