이 문서는 아직 자원 봉사자들이 한국어로 번역하지 않았습니다. 함께 해서 번역을 마치도록 도와 주세요!
The HTTP OPTIONS
method is used to describe the communication options for the target resource. The client can specify a specific URL for the OPTIONS method, or an asterisk (*) to refer to the entire server.
Request has body | No |
---|---|
Successful response has body | No |
Safe | Yes |
Idempotent | Yes |
Cacheable | Yes |
Allowed in HTML forms | No |
Syntax
OPTIONS /index.html HTTP/1.1 OPTIONS * HTTP/1.1
Examples
Identifying allowed request methods
To find out which request methods a server supports, when can use curl and issue an OPTIONS request:
curl -X OPTIONS https://example.org -i
The response then contains an Allow
header with the allowed methods:
HTTP/1.1 200 OK Allow: OPTIONS, GET, HEAD, POST Cache-Control: max-age=604800 Date: Thu, 13 Oct 2016 11:45:00 GMT Expires: Thu, 20 Oct 2016 11:45:00 GMT Server: EOS (lax004/2813) x-ec-custom-error: 1 Content-Length: 0
Preflighted requests in CORS
In CORS, a preflight request with the OPTIONS
method is sent, so that the server can respond whether it is acceptable to send the request with these parameters. The Access-Control-Request-Method
header notifies the server as part of a preflight request that when the actual request is sent, it will be sent with a POST
request method. The Access-Control-Request-Headers
header notifies the server that when the actual request is sent, it will be sent with a X-PINGOTHER
and Content-Type
custom headers. The server now has an opportunity to determine whether it wishes to accept a request under these circumstances.
OPTIONS /resources/post-here/ HTTP/1.1 Host: bar.other Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Origin: https://foo.example Access-Control-Request-Method: POST Access-Control-Request-Headers: X-PINGOTHER, Content-Type
The server responds with Access-Control-Allow-Methods
and says that POST
, GET
, and OPTIONS
are viable methods to query the resource in question. This header is similar to the Allow
response header, but used strictly within the context of CORS.
HTTP/1.1 200 OK Date: Mon, 01 Dec 2008 01:15:39 GMT Server: Apache/2.0.61 (Unix) Access-Control-Allow-Origin: https://foo.example Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: X-PINGOTHER, Content-Type Access-Control-Max-Age: 86400 Vary: Accept-Encoding, Origin Content-Encoding: gzip Content-Length: 0 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: text/plain
Specifications
Specification | Title |
---|---|
RFC 7231, section 4.3.7: OPTIONS | Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content |
Browser compatibility
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | Servo |
---|---|---|---|---|---|---|---|
Basic Support | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) |
Feature | Android | Chrome for Android | Edge Mobile | Firefox for Android | IE Mobile | Opera Mobile | Safari Mobile |
---|---|---|---|---|---|---|---|
Basic Support | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) | (Yes) |