HCP Tenant Management Help


Example: Preflighted request (CORS)

Here is a sample CORS preflighted request.

The preflighted request comprises two exchanges: an HTTP OPTIONS request (preflight request) from a web browser in one domain to a server in another domain to determine whether the actual request is safe to send, followed by the actual request.

Request headers (Preflight request)

OPTIONS rest/file.txt HTTP/1.1
Host: finance.europe.hcp.example.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36
Access-Control-Request-Headers: Authorization
Access-Control-Request-Method: GET
Origin: http://lgreen.example.com
Referer: http://lgreen.example.com/cors/rest.html

Response headers (Preflight request)

HTTP/1.1 200 OK
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: GET, PUT, DELETE, POST, HEAD
Access-Control-Allow-Origin: *
Cache-Control: no-cache,no-store,must-revalidate
Content-Length: 0
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self';
Date: Tue, 07 May 2019 14:45:08 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

In this example, the first exchange is complete. The server evaluated the preflight request against the CORS rules configuration for the resource and responded that the browser may send the actual request: a GET request to a bucket named finance for an object named rest/file.txt.

Request headers (Actual request)

GET rest/file.txt HTTP/1.1
Host: finance.europe.hcp.example.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36
Origin: http://lgreen.example.com

Response headers (Actual request)

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://lgreen.example.com
Access-Control-Expose-Headers: ETag

Response body (Actual request)

[contents of the rest/file.txt object]
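
As an added example (not part of the HCP documentation or product code), the following JavaScript applies the browser-side CORS checks to the headers shown above; the function names parseHeaders, originCheck and checkPreflight are assumptions of the example. It shows that the preflight response's wildcard Access-Control-Allow-Origin passes only for a request sent without browser credentials, while the actual response, which names the origin and sets Access-Control-Allow-Credentials: true, also passes in credentialed mode.

```javascript
// Added example: header values are copied from the exchange on this page.
const PREFLIGHT_REQUEST = `Access-Control-Request-Headers: Authorization
Access-Control-Request-Method: GET
Origin: http://lgreen.example.com`;
const PREFLIGHT_RESPONSE = `Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Methods: GET, PUT, DELETE, POST, HEAD
Access-Control-Allow-Origin: *`;
const ACTUAL_RESPONSE = `Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://lgreen.example.com`;

// Parse "Name: value" lines into a map keyed by lower-cased header name.
function parseHeaders(text) {
  const map = new Map();
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) map.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return map;
}
const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// Origin check a browser applies to both the preflight and the actual response.
function originCheck(origin, res, credentialed) {
  const allow = res.get("access-control-allow-origin");
  if (allow === undefined) return "blocked: no Access-Control-Allow-Origin";
  if (credentialed) {
    if (allow === "*") return "blocked: wildcard origin with credentials";
    if (res.get("access-control-allow-credentials") !== "true")
      return "blocked: Access-Control-Allow-Credentials is not true";
  }
  return allow === "*" || allow === origin ? "ok" : "blocked: origin mismatch";
}

// Preflight check: origin first, then the requested method, then the requested headers.
function checkPreflight(reqText, resText, credentialed) {
  const req = parseHeaders(reqText), res = parseHeaders(resText);
  const verdict = originCheck(req.get("origin"), res, credentialed);
  if (verdict !== "ok") return verdict;
  const method = req.get("access-control-request-method");
  const methods = list(res.get("access-control-allow-methods"));
  const wildcard = (items) => !credentialed && items.includes("*");
  if (!["GET", "HEAD", "POST"].includes(method) && !methods.includes(method) && !wildcard(methods))
    return "blocked: method " + method + " not allowed";
  const allowed = list(res.get("access-control-allow-headers")).map((h) => h.toLowerCase());
  for (const h of list(req.get("access-control-request-headers")).map((h) => h.toLowerCase())) {
    // "*" never covers Authorization; the server must list it by name.
    if (!allowed.includes(h) && !(h !== "authorization" && wildcard(allowed)))
      return "blocked: header " + h + " not allowed";
  }
  return "ok";
}
```

Pass true as the last argument to model a request sent with browser credentials (cookies, HTTP authentication entries or client certificates); an Authorization header set by the script does not by itself put the request in that mode.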

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.