tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Object Storage
    Documentation
    Download PDF

    OPTIONS Object

    Last updated: 2024-06-12 15:10:38
    Download PDF

      Overview

      This API is used to issue a preflight request for cross-origin resource sharing (CORS). Before an actual CORS request is sent, your browser may determine whether a preflight request is necessary and if yes, it automatically issues a preflight request first. Therefore, frontend developers may not need to send such requests themselves in most cases.
      If the preflight request matches the CORS configuration of the bucket, COS will respond successfully, allowing the browser to send the actual CORS request.
      If the bucket does not have CORS configuration, or the preflight request does not match the configuration, COS returns the 403 Forbidden error, and the browser will stop the CORS request and throw an exception to the frontend.
      For more information about CORS configurations, please see PUT Bucket cors.
      

      Request

      Sample request

      OPTIONS /<ObjectKey> HTTP/1.1
      Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
      Date: GMT Date
      Origin: Origin
      Access-Control-Request-Method: RequestMethod
      Note:
      In the sample request above, an object key (ObjectKey) is specified. You can also specify any other resources in the bucket, such as OPTIONS / HTTP/1.1 or OPTIONS /?lifecycle HTTP/1.1.
      As the preflight request is automatically sent by your browser, you cannot and need not include a request signature.
      In Host: <BucketName-APPID>.cos.<Region>.myqcloud.com, <BucketName-APPID> is the bucket name followed by the APPID, such as examplebucket-1250000000 (see Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions), and <Region> is a COS region (see Regions and Access Endpoints).

      Request parameters

      The request parameters are determined by the browser based on the target cross-origin resource.

      Request headers

      The request headers are determined by the browser based on the target cross-origin resource.
      Header
      Description
      Type
      Required
      Origin
      Domain that initiates the CORS request
      string
      Yes
      Access-Control-Request-Method
      Method used for the CORS request
      string
      Yes
      Access-Control-Request-Headers
      HTTP request headers used for the CORS request. You can use commas (,) to separate multiple headers (case-insensitive).
      string
      No

      Request body

      This API does not have a request body.

      Response

      Response headers

      The browser automatically identifies the response headers and controls whether the CORS request is allowed.
      Header
      Description
      Type
      Access-Control-Allow-Origin
      Domains that are allowed to send a CORS request. Valid values:
      *: all domains
      Domains specified in the Origin request header
      string
      Access-Control-Allow-Methods
      Methods allowed for the CORS request. Multiple methods are separated by commas (,).
      string
      Access-Control-Expose-Headers
      HTTP response headers (case-insensitive) of CORS requests that the browser can get. Multiple headers are separated by commas (,).
      string
      Access-Control-Max-Age
      Validity period of the CORS configuration, in seconds. Within the validity period, the browser does not need to issue a preflight request again for the same request.
      integer

      Response body

      The response body of this API is empty.

      Error codes

      This API returns common error responses and error codes. For more information, please see Error Codes.

      Examples

      The following sample preflight requests are all automatically issued by the browser according to the actual CORS requests.

      Example 1: initiating a preflight request for PUT Object

      Request

      OPTIONS /exampleobject HTTP/1.1
      Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
      Date: Thu, 09 Jul 2020 14:49:22 GMT
      Origin: https://example.com
      Access-Control-Request-Method: PUT
      Access-Control-Request-Headers: content-md5,content-type,x-cos-meta-author
      Connection: close

      Response

      HTTP/1.1 200 OK
      Content-Length: 0
      Connection: close
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Headers: content-md5,content-type,x-cos-meta-author
      Access-Control-Allow-Methods: PUT,GET,POST,DELETE,HEAD
      Access-Control-Allow-Origin: https://example.com
      Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
      Access-Control-Max-Age: 600
      Date: Thu, 09 Jul 2020 14:49:22 GMT
      Server: tencent-cos
      x-cos-request-id: NWYwNzJlNzJfODRjOTJhMDlfMjU0MWNfMTNmZDM5****

      Example 2: initiating a preflight request when GET Object carries the range request header

      Request

      OPTIONS /exampleobject HTTP/1.1
      Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
      Date: Thu, 09 Jul 2020 14:49:22 GMT
      Origin: https://example.com
      Access-Control-Request-Method: GET
      Access-Control-Request-Headers: range
      Connection: close

      Response

      HTTP/1.1 200 OK
      Content-Length: 0
      Connection: close
      Access-Control-Allow-Headers: range,x-cos-server-side-encryption-customer-algorithm,x-cos-server-side-encryption-customer-key,x-cos-server-side-encryption-customer-key-md5
      Access-Control-Allow-Methods: GET,HEAD
      Access-Control-Allow-Origin: *
      Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
      Access-Control-Max-Age: 600
      Date: Thu, 09 Jul 2020 14:49:22 GMT
      Server: tencent-cos
      x-cos-request-id: NWYwNzJlNzJfZDUyNzVkNjRfYTA2Ml8yNGEz****

      Example 3: initiating a preflight request for PUT Bucket lifecycle

      Request

      OPTIONS /?lifecycle HTTP/1.1
      Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
      Date: Thu, 09 Jul 2020 14:29:40 GMT
      Origin: https://bar.com
      Access-Control-Request-Method: PUT
      Access-Control-Request-Headers: content-md5,content-type
      Connection: close

      Response

      HTTP/1.1 200 OK
      Content-Length: 0
      Connection: close
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Headers: content-md5,content-type
      Access-Control-Allow-Methods: PUT,GET,POST,DELETE,HEAD
      Access-Control-Allow-Origin: https://bar.com
      Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
      Access-Control-Max-Age: 600
      Date: Thu, 09 Jul 2020 14:29:40 GMT
      Server: tencent-cos
      x-cos-request-id: NWYwNzI5ZDRfNjFiMDJhMDlfYzk2NF8xYmZl****

      Example 4: bucket with no CORS configuration, or preflight request not matching the CORS configuration

      Request

      OPTIONS /exampleobject HTTP/1.1
      Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
      Date: Thu, 09 Jul 2020 11:45:26 GMT
      Origin: https://example.com
      Access-Control-Request-Method: PUT
      Connection: close

      Response

      HTTP/1.1 403 Forbidden
      Content-Type: application/xml
      Content-Length: 687
      Connection: close
      Date: Thu, 09 Jul 2020 11:45:26 GMT
      Server: tencent-cos
      x-cos-request-id: NWYwNzAzNTZfNzNjODJhMDlfMzRiM2ZfMThjMjk4****
      x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA=
      
      <?xml version='1.0' encoding='utf-8' ?>
      <Error>
          <Code>AccessForbidden</Code>
          <Message>CORSResponse: This CORS request is not allowed. This is usually because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Requet-Headers are not whitelisted by the resource&apos;s CORS spec</Message>
          <Resource>examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject</Resource>
          <RequestId>NWYwNzAzNTZfNzNjODJhMDlfMzRiM2ZfMThjMjk4****</RequestId>
          <TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA=</TraceId>
      </Error>
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy