동향 및 공지

릴리스 노트

제품 공지

제품 소개

제품 개요

기능 개요

적용 시나리오

제품 장점

기본 개념

리전 및 액세스 도메인

규격 및 제한

제품 요금

과금 개요

과금 방식

과금 항목

프리 티어

과금 예시

청구서 보기 및 다운로드

연체 안내

FAQ

빠른 시작

콘솔 시작하기

COSBrowser 시작하기

사용자 가이드

요청 생성

버킷

객체

데이터 관리

일괄 프로세스

글로벌 가속

모니터링 및 알람

운영 센터

데이터 처리

스마트 툴 박스 사용 가이드

데이터 워크플로

애플리케이션 통합

툴 가이드

툴 개요

환경 설치 및 설정

COSBrowser 툴

COSCLI 툴

COSCMD 툴

COS Migration 툴

FTP Server 툴

Hadoop 툴

COSDistCp 툴

HDFS TO COS 툴

온라인 도구 (Onrain Dogu)

자가 진단 도구

실습 튜토리얼

개요

액세스 제어 및 권한 관리

성능 최적화

AWS S3 SDK를 사용하여 COS에 액세스하기

데이터 재해 복구 백업

도메인 관리 사례

이미지 처리 사례

COS 오디오/비디오 플레이어 사례

데이터 다이렉트 업로드

데이터 보안

데이터 검증

빅 데이터 사례

COS 비용 최적화 솔루션

3rd party 애플리케이션에서 COS 사용

마이그레이션 가이드

로컬 데이터 COS로 마이그레이션

타사 클라우드 스토리지 데이터를 COS로 마이그레이션

URL이 소스 주소인 데이터를 COS로 마이그레이션

COS 간 데이터 마이그레이션

Hadoop 파일 시스템과 COS 간 데이터 마이그레이션

데이터 레이크 스토리지

클라우드 네이티브 데이터 레이크

메타데이터 가속

데이터 레이크 가속기 GooseFS

데이터 처리

데이터 처리 개요

이미지 처리

미디어 처리

콘텐츠 조정

파일 처리

문서 미리보기

장애 처리

RequestId 가져오기

공용 네트워크로 COS에 파일 업로드 시 속도가 느린 문제

COS 액세스 시 403 에러 코드 반환

리소스 액세스 오류

POST Object 자주 발생하는 오류

보안 및 컴플라이언스

데이터 재해 복구

데이터 보안

액세스 관리

자주 묻는 질문

OPTIONS Object

포커스 모드

폰트 크기

마지막 업데이트 시간: 2024-06-12 15:10:38

Overview
This API is used to issue a preflight request for cross-origin resource sharing (CORS). Before an actual CORS request is sent, your browser may determine whether a preflight request is necessary and if yes, it automatically issues a preflight request first. Therefore, frontend developers may not need to send such requests themselves in most cases.
If the preflight request matches the CORS configuration of the bucket, COS will respond successfully, allowing the browser to send the actual CORS request.
If the bucket does not have CORS configuration, or the preflight request does not match the configuration, COS returns the 403 Forbidden error, and the browser will stop the CORS request and throw an exception to the frontend.
For more information about CORS configurations, please see PUT Bucket cors.
﻿
Request
Sample request
OPTIONS /<ObjectKey> HTTP/1.1
Host: <BucketName-APPID>.cos.<Region>.myqcloud.com
Date: GMT Date
Origin: Origin
Access-Control-Request-Method: RequestMethod
Note: 
In the sample request above, an object key (ObjectKey) is specified. You can also specify any other resources in the bucket, such as OPTIONS / HTTP/1.1 or OPTIONS /?lifecycle HTTP/1.1.
As the preflight request is automatically sent by your browser, you cannot and need not include a request signature.
In Host: <BucketName-APPID>.cos.<Region>.myqcloud.com, <BucketName-APPID> is the bucket name followed by the APPID, such as examplebucket-1250000000 (see Bucket Overview > Basic Information and Bucket Overview > Bucket Naming Conventions), and <Region> is a COS region (see Regions and Access Endpoints).
Request parameters
The request parameters are determined by the browser based on the target cross-origin resource.
Request headers
The request headers are determined by the browser based on the target cross-origin resource.
Header
Description
Type
Required
Origin
Domain that initiates the CORS request
string
Yes
Access-Control-Request-Method
Method used for the CORS request
string
Yes
Access-Control-Request-Headers
HTTP request headers used for the CORS request. You can use commas (,) to separate multiple headers (case-insensitive).
string
No
Request body
This API does not have a request body.
Response
Response headers
The browser automatically identifies the response headers and controls whether the CORS request is allowed.
Header
Description
Type
Access-Control-Allow-Origin
Domains that are allowed to send a CORS request. Valid values: 
*: all domains
Domains specified in the Origin request header
string
Access-Control-Allow-Methods
Methods allowed for the CORS request. Multiple methods are separated by commas (,).
string
Access-Control-Expose-Headers
HTTP response headers (case-insensitive) of CORS requests that the browser can get. Multiple headers are separated by commas (,).
string
Access-Control-Max-Age
Validity period of the CORS configuration, in seconds. Within the validity period, the browser does not need to issue a preflight request again for the same request.
integer
Response body
The response body of this API is empty.
Error codes
This API returns common error responses and error codes. For more information, please see Error Codes.
Examples
The following sample preflight requests are all automatically issued by the browser according to the actual CORS requests.
Example 1: initiating a preflight request for PUT Object
Request
OPTIONS /exampleobject HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Thu, 09 Jul 2020 14:49:22 GMT
Origin: https://example.com
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-md5,content-type,x-cos-meta-author
Connection: close
Response
HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-md5,content-type,x-cos-meta-author
Access-Control-Allow-Methods: PUT,GET,POST,DELETE,HEAD
Access-Control-Allow-Origin: https://example.com
Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
Access-Control-Max-Age: 600
Date: Thu, 09 Jul 2020 14:49:22 GMT
Server: tencent-cos
x-cos-request-id: NWYwNzJlNzJfODRjOTJhMDlfMjU0MWNfMTNmZDM5****
Example 2: initiating a preflight request when GET Object carries the range request header
Request
OPTIONS /exampleobject HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Thu, 09 Jul 2020 14:49:22 GMT
Origin: https://example.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: range
Connection: close
Response
HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Access-Control-Allow-Headers: range,x-cos-server-side-encryption-customer-algorithm,x-cos-server-side-encryption-customer-key,x-cos-server-side-encryption-customer-key-md5
Access-Control-Allow-Methods: GET,HEAD
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
Access-Control-Max-Age: 600
Date: Thu, 09 Jul 2020 14:49:22 GMT
Server: tencent-cos
x-cos-request-id: NWYwNzJlNzJfZDUyNzVkNjRfYTA2Ml8yNGEz****
Example 3: initiating a preflight request for PUT Bucket lifecycle
Request
OPTIONS /?lifecycle HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Thu, 09 Jul 2020 14:29:40 GMT
Origin: https://bar.com
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-md5,content-type
Connection: close
Response
HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-md5,content-type
Access-Control-Allow-Methods: PUT,GET,POST,DELETE,HEAD
Access-Control-Allow-Origin: https://bar.com
Access-Control-Expose-Headers: Content-Length,ETag,x-cos-meta-author
Access-Control-Max-Age: 600
Date: Thu, 09 Jul 2020 14:29:40 GMT
Server: tencent-cos
x-cos-request-id: NWYwNzI5ZDRfNjFiMDJhMDlfYzk2NF8xYmZl****
Example 4: bucket with no CORS configuration, or preflight request not matching the CORS configuration
Request
OPTIONS /exampleobject HTTP/1.1
Host: examplebucket-1250000000.cos.ap-beijing.myqcloud.com
Date: Thu, 09 Jul 2020 11:45:26 GMT
Origin: https://example.com
Access-Control-Request-Method: PUT
Connection: close
Response
HTTP/1.1 403 Forbidden
Content-Type: application/xml
Content-Length: 687
Connection: close
Date: Thu, 09 Jul 2020 11:45:26 GMT
Server: tencent-cos
x-cos-request-id: NWYwNzAzNTZfNzNjODJhMDlfMzRiM2ZfMThjMjk4****
x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA=
﻿
<?xml version='1.0' encoding='utf-8' ?>
<Error>
    <Code>AccessForbidden</Code>
    <Message>CORSResponse: This CORS request is not allowed. This is usually because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Requet-Headers are not whitelisted by the resource&apos;s CORS spec</Message>
    <Resource>examplebucket-1250000000.cos.ap-beijing.myqcloud.com/exampleobject</Resource>
    <RequestId>NWYwNzAzNTZfNzNjODJhMDlfMzRiM2ZfMThjMjk4****</RequestId>
    <TraceId>OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA=</TraceId>
</Error>
﻿

도움말 및 지원

문제 해결에 도움이 되었나요?

더 자세한 내용은 문의하기 또는 티겟 제출 을 통해 문의할 수 있습니다.

피드백

tencent cloud

Cloud Object Storage

OPTIONS Object

Overview

Request

Sample request

Request parameters

Request headers

Request body

Response

Response headers

Response body

Error codes

Examples

Example 1: initiating a preflight request for `PUT Object`

Request

Response

Example 2: initiating a preflight request when `GET Object` carries the `range` request header

Request

Response

Example 3: initiating a preflight request for `PUT Bucket lifecycle`

Request

Response

Example 4: bucket with no CORS configuration, or preflight request not matching the CORS configuration

Request

Response

도움말 및 지원

Header	Description	Type	Required
Origin	Domain that initiates the CORS request	string	Yes
Access-Control-Request-Method	Method used for the CORS request	string	Yes
Access-Control-Request-Headers	HTTP request headers used for the CORS request. You can use commas (,) to separate multiple headers (case-insensitive).	string	No