tencent cloud

Feedback

Configuring CORS Preflight Requests

Last updated: 2022-01-10 15:03:55

    Overview

    This document provides an overview of APIs and SDK code samples related to CORS preflight requests.

    API Operation Description
    Options Object Configuring a preflight request for cross-origin access Sends a preflight request to check whether a real cross-origin access request can be sent

    Description

    This API (OPTIONS Object) is used to send a preflight request to check the CORS configuration of an object. Before making an actual CORS request, you can send an OPTIONS request that includes the source origin, HTTP method, and headers to COS to determine whether an actual CORS request can be sent. If there is no CORS configuration, "403 Forbidden" will be returned. You can enable CORS for a bucket using the PUT Bucket cors API.

    Sample code

    cos.optionsObject({
       Bucket: 'examplebucket-1250000000', /* Your bucket name. Required. */
       Region: 'COS_REGION',  /* Bucket region, such as `ap-beijing`. Required. */
       Key: '1.jpg',  /* Object key stored in the bucket (such as `1.jpg` and `a/b/test.txt`). Required. */
       Origin: 'https://www.qq.com', /*Required*/
       AccessControlRequestMethod: 'PUT', /*Required*/
       AccessControlRequestHeaders: 'origin,accept,content-type' /*Optional*/
    }, function(err, data) {
       console.log(err || data);
    });
    

    Parameter description

    Parameter Description Type Required
    Bucket Bucket name in the format of BucketName-APPID String Yes
    Region Bucket region. For the enumerated values, please see Regions and Access Endpoints. String Yes
    Key Object key (object name), the unique ID of an object in a bucket. For more information, please see Object Overview. String Yes
    Origin Origin domain name of the simulated CORS request String Yes
    AccessControlRequestMethod HTTP method of the simulated CORS request String Yes
    AccessControlRequestHeaders Headers of the simulated CORS request String No

    Callback function description

    function(err, data) { ... }
    
    Parameter                                             Description Type
    err Error code, which is returned when an error (network error or service error) occurs. If the request is successful, this parameter is empty. For more information, please see Error Codes. Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - headers Headers Object
    data Content returned when the request is successful. If the request fails, this parameter is empty. Object
    - headers Headers Object
    - statusCode HTTP status code, such as 200, 403, and 404 Number
    - AccessControlAllowOrigin Source origins (separated by commas) of the simulated CORS request. If the origins are not allowed, this header will not be returned. Example: * String
    - AccessControlAllowMethods HTTP methods (separated by commas) of the simulated CORS request (for example, PUT,GET,POST,DELETE,HEAD). If the request method is not allowed, this header will not be returned. String
    - AccessControlAllowHeaders Headers (separated by commas) of the simulated CORS request (for example, accept,content-type,origin,authorization). If none of the stimulated request headers is allowed, this header will not be returned. String
    - AccessControlExposeHeaders Headers (separated by commas) returned if CORS is supported. Example: ETag String
    - AccessControlMaxAge The validity duration of results returned by the OPTIONS request, e.g. 3600 String
    - OptionsForbidden Whether the OPTIONS request is forbidden. It is true if the HTTP status code 403 is returned. Boolean
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support