OPTIONS - HTTP 编辑

The HTTP OPTIONS method requests permitted communication options for a given URL or server. A client can specify a URL with this method, or an asterisk (*) to refer to the entire server.

Request has bodyNo
Successful response has bodyYes
SafeYes
IdempotentYes
CacheableNo
Allowed in HTML formsNo

Syntax

OPTIONS /index.html HTTP/1.1
OPTIONS * HTTP/1.1

Examples

Identifying allowed request methods

To find out which request methods a server supports, one can use the curl command-line program to issue an OPTIONS request:

curl -X OPTIONS https://example.org -i

The response then contains an Allow header that holds the allowed methods:

HTTP/1.1 204 No Content
Allow: OPTIONS, GET, HEAD, POST
Cache-Control: max-age=604800
Date: Thu, 13 Oct 2016 11:45:00 GMT
Server: EOS (lax004/2813)

Preflighted requests in CORS

In CORS, a preflight request is sent with the OPTIONS method so that the server can respond if it is acceptable to send the request. In this example, we will request permission for these parameters:

OPTIONS /resources/post-here/ HTTP/1.1
Host: bar.example
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Connection: keep-alive
Origin: https://foo.example
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-PINGOTHER, Content-Type

The server now can respond if it will accept a request under these circumstances. In this example, the server response says that:

Access-Control-Allow-Origin
The https://foo.example origin is permitted to request the bar.example/resources/post-here/ URL via the following:
Access-Control-Allow-Methods
POST, GET, and OPTIONS are permitted methods for the URL. (This header is similar to the Allow response header, but used only for CORS.)
Access-Control-Allow-Headers
Any script inspecting the response is permitted to read the values of the X-PINGOTHER and Content-Type headers.
Access-Control-Max-Age
The above permissions may be cached for 86,400 seconds (1 day).
HTTP/1.1 204 No Content
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: https://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400
Vary: Accept-Encoding, Origin
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive

Specifications

SpecificationTitle
RFC 7231, section 4.3.7: OPTIONSHypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Browser compatibility

BCD tables only load in the browser

See also

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:80 次

字数:6139

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文