OPTIONS

You’re reading the English version of this content since no translation exists yet for this locale. Help us translate this article!

HTTP OPTIONS method 는 목표 리소스와의 통신 옵션을 설명하기 위해 사용됩니다. 클라이언트는 OPTIONS 메소드의 URL을 특정지을 수 있으며, aterisk(*) 를 통해 서버 전체를 선택할 수 있습니다.

Request has body No
Successful response has body Yes
Safe Yes
Idempotent Yes
Cacheable No
Allowed in HTML forms No

Syntax

OPTIONS /index.html HTTP/1.1
OPTIONS * HTTP/1.1

Examples

Identifying allowed request methods

curl을 이용하여 OPTIONS 요청을 서버에 보냄으로써 서버에서 지원하는 method를 확인할 수 있다.

curl -X OPTIONS http://example.org -i응

요청을 보내면, 응답에 Allow헤더가 포함되어서 오는데, 이를 통해 허용되는 메소드를 확인할 수 있다.

HTTP/1.1 200 OK
Allow: OPTIONS, GET, HEAD, POST
Cache-Control: max-age=604800
Date: Thu, 13 Oct 2016 11:45:00 GMT
Expires: Thu, 20 Oct 2016 11:45:00 GMT
Server: EOS (lax004/2813)
x-ec-custom-error: 1
Content-Length: 0

Preflighted requests in CORS

In CORS, a preflight request with the OPTIONS method is sent, so that the server can respond whether it is acceptable to send the request with these parameters. The Access-Control-Request-Method header notifies the server as part of a preflight request that when the actual request is sent, it will be sent with a POST request method. The Access-Control-Request-Headers header notifies the server that when the actual request is sent, it will be sent with a X-PINGOTHER and Content-Type custom headers.  The server now has an opportunity to determine whether it wishes to accept a request under these circumstances.

OPTIONS /resources/post-here/ HTTP/1.1 
Host: bar.other 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-us,en;q=0.5 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Connection: keep-alive 
Origin: http://foo.example 
Access-Control-Request-Method: POST 
Access-Control-Request-Headers: X-PINGOTHER, Content-Type

The server responds with Access-Control-Allow-Methods and says that POST, GET, and OPTIONS are viable methods to query the resource in question. This header is similar to the Allow response header, but used strictly within the context of CORS.

HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT 
Server: Apache/2.0.61 (Unix) 
Access-Control-Allow-Origin: http://foo.example 
Access-Control-Allow-Methods: POST, GET, OPTIONS 
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type 
Access-Control-Max-Age: 86400 
Vary: Accept-Encoding, Origin 
Content-Encoding: gzip 
Content-Length: 0 
Keep-Alive: timeout=2, max=100 
Connection: Keep-Alive 
Content-Type: text/plain

Specifications

Specification Title
RFC 7231, section 4.3.7: OPTIONS Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
OPTIONSChrome Full support YesEdge Full support YesFirefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes

Legend

Full support  
Full support

See also

관련 주제
  1. HTTP
  2. 가이드:
  3. 리소스와 URIs
    1. 웹의 리소스 식별하기
    2. 데이터 URIs
    3. MIME 타입 소개
    4. MIME 타입의 전체 리스트
    5. www와 non-www URL 중에서 선택하기
  4. HTTP 가이드
    1. HTTP 기본
    2. HTTP 개요
    3. HTTP의 진화
    4. HTTP 메시지
    5. 전형적인 HTTP 세션
    6. HTTP/1.x의 연결 관리
    7. 프로토콜 업그레이드 메커니즘
  5. HTTP 보안
    1. Content Security Policy (CSP)
    2. HTTP Public Key Pinning (HPKP)
    3. HTTP Strict Transport Security (HSTS)
    4. Cookie security
    5. X-Content-Type-Options
    6. X-Frame-Options
    7. X-XSS-Protection
    8. Mozilla web security guidelines
    9. Mozilla Observatory
  6. HTTP 접근 제어(CORS)
  7. HTTP 인증
  8. HTTP 캐싱
  9. HTTP 압축
  10. HTTP 조건부 요청
  11. HTTP 컨텐츠 협상
  12. HTTP 쿠키
  13. HTTP range 요청
  14. HTTP 리다이렉트
  15. HTTP 명세
  16. Feature policy
  17. 레퍼런스:
  18. HTTP 헤더
    1. Accept
    2. Accept-CH [Translate]
    3. Accept-CH-Lifetime [Translate]
    4. Accept-Charset
    5. Accept-Encoding
    6. Accept-Language
    7. Accept-Patch [Translate]
    8. Accept-Ranges
    9. Access-Control-Allow-Credentials
    10. Access-Control-Allow-Headers
    11. Access-Control-Allow-Methods [Translate]
    12. Access-Control-Allow-Origin
    13. Access-Control-Expose-Headers [Translate]
    14. Access-Control-Max-Age [Translate]
    15. Access-Control-Request-Headers
    16. Access-Control-Request-Method
    17. Age
    18. Allow
    19. Alt-Svc [Translate]
    20. Authorization
    21. Cache-Control
    22. Clear-Site-Data [Translate]
    23. Connection
    24. Content-Disposition [Translate]
    25. Content-Encoding
    26. Content-Language
    27. Content-Length
    28. Content-Location
    29. Content-Range
    30. Content-Security-Policy
    31. Content-Security-Policy-Report-Only [Translate]
    32. Content-Type
    33. Cookie
    34. Cookie2 [Translate]
    35. Cross-Origin-Resource-Policy [Translate]
    36. DNT
    37. DPR [Translate]
    38. Date
    39. Device-Memory [Translate]
    40. Digest [Translate]
    41. ETag
    42. Early-Data [Translate]
    43. Expect
    44. Expect-CT [Translate]
    45. Expires
    46. Feature-Policy [Translate]
    47. Forwarded
    48. From
    49. Host
    50. If-Match [Translate]
    51. If-Modified-Since
    52. If-None-Match [Translate]
    53. If-Range
    54. If-Unmodified-Since [Translate]
    55. Index [Translate]
    56. Keep-Alive
    57. Large-Allocation [Translate]
    58. Last-Modified
    59. Link [Translate]
    60. Location [Translate]
    61. Origin [Translate]
    62. Pragma
    63. Proxy-Authenticate [Translate]
    64. Proxy-Authorization [Translate]
    65. Public-Key-Pins [Translate]
    66. Public-Key-Pins-Report-Only [Translate]
    67. Range
    68. Referer
    69. Referrer-Policy [Translate]
    70. Retry-After
    71. Save-Data [Translate]
    72. Sec-WebSocket-Accept [Translate]
    73. Server
    74. Server-Timing [Translate]
    75. Set-Cookie
    76. Set-Cookie2 [Translate]
    77. SourceMap [Translate]
    78. Strict-Transport-Security
    79. TE [Translate]
    80. Timing-Allow-Origin [Translate]
    81. Tk [Translate]
    82. Trailer [Translate]
    83. Transfer-Encoding
    84. Upgrade-Insecure-Requests [Translate]
    85. User-Agent [Translate]
    86. Vary
    87. Via [Translate]
    88. WWW-Authenticate [Translate]
    89. Want-Digest [Translate]
    90. Warning [Translate]
    91. X-Content-Type-Options [Translate]
    92. X-DNS-Prefetch-Control [Translate]
    93. X-Forwarded-For
    94. X-Forwarded-Host [Translate]
    95. X-Forwarded-Proto
    96. X-Frame-Options
    97. X-XSS-Protection
  19. HTTP 요청 메소드
    1. CONNECT
    2. DELETE
    3. GET
    4. HEAD
    5. OPTIONS
    6. PATCH
    7. POST
    8. PUT
    9. TRACE [Translate]
  20. HTTP 응답 상태 코드
    1. 100 Continue
    2. 101 Switching Protocols
    3. 103 Early Hints [Translate]
    4. 200 OK
    5. 201 Created
    6. 202 Accepted [Translate]
    7. 203 Non-Authoritative Information [Translate]
    8. 204 No Content [Translate]
    9. 205 Reset Content
    10. 206 Partial Content
    11. 300 Multiple Choices [Translate]
    12. 301 Moved Permanently
    13. 302 Found
    14. 303 See Other [Translate]
    15. 304 Not Modified
    16. 307 Temporary Redirect [Translate]
    17. 308 Permanent Redirect [Translate]
    18. 400 Bad Request
    19. 401 Unauthorized
    20. 402 Payment Required [Translate]
    21. 403 Forbidden
    22. 404 Not Found
    23. 405 Method Not Allowed
    24. 406 Not Acceptable [Translate]
    25. 407 Proxy Authentication Required [Translate]
    26. 408 Request Timeout [Translate]
    27. 409 Conflict
    28. 410 Gone [Translate]
    29. 411 Length Required
    30. 412 Precondition Failed [Translate]
    31. 413 Payload Too Large
    32. 414 URI Too Long [Translate]
    33. 415 Unsupported Media Type [Translate]
    34. 416 Range Not Satisfiable
    35. 417 Expectation Failed [Translate]
    36. 418 I'm a teapot
    37. 422 Unprocessable Entity
    38. 425 Too Early [Translate]
    39. 426 Upgrade Required [Translate]
    40. 428 Precondition Required [Translate]
    41. 429 Too Many Requests [Translate]
    42. 431 Request Header Fields Too Large [Translate]
    43. 451 Unavailable For Legal Reasons [Translate]
    44. 500 Internal Server Error
    45. 501 Not Implemented [Translate]
    46. 502 Bad Gateway [Translate]
    47. 503 Service Unavailable
    48. 504 Gateway Timeout [Translate]
    49. 505 HTTP Version Not Supported [Translate]
    50. 506 Variant Also Negotiates [Translate]
    51. 507 Insufficient Storage [Translate]
    52. 508 Loop Detected [Translate]
    53. 511 Network Authentication Required [Translate]
  21. CSP 지시문
    1. CSP: base-uri [Translate]
    2. CSP: block-all-mixed-content [Translate]
    3. CSP: child-src [Translate]
    4. CSP: connect-src [Translate]
    5. CSP: default-src
    6. CSP: font-src [Translate]
    7. CSP: form-action [Translate]
    8. CSP: frame-ancestors [Translate]
    9. CSP: frame-src [Translate]
    10. CSP: img-src
    11. CSP: manifest-src [Translate]
    12. CSP: media-src
    13. CSP: navigate-to [Translate]
    14. CSP: object-src [Translate]
    15. CSP: plugin-types [Translate]
    16. CSP: prefetch-src [Translate]
    17. CSP: referrer [Translate]
    18. report-to
    19. CSP: report-uri [Translate]
    20. CSP: require-sri-for [Translate]
    21. CSP: sandbox [Translate]
    22. CSP: script-src
    23. CSP: script-src-attr [Translate]
    24. CSP: script-src-elem [Translate]
    25. CSP: style-src [Translate]
    26. CSP: style-src-attr [Translate]
    27. CSP: style-src-elem [Translate]
    28. CSP: trusted-types [Translate]
    29. CSP: upgrade-insecure-requests [Translate]
    30. CSP: worker-src [Translate]
  22. CORS 에러
    1. Reason: CORS disabled [Translate]
    2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz' [Translate]
    3. Reason: CORS header 'Access-Control-Allow-Origin' missing [Translate]
    4. Reason: CORS header ‘Origin’ cannot be added [Translate]
    5. Reason: CORS preflight channel did not succeed [Translate]
    6. Reason: CORS request did not succeed
    7. Reason: CORS request external redirect not allowed [Translate]
    8. Reason: CORS request not HTTP [Translate]
    9. Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’ [Translate]
    10. Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’ [Translate]
    11. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed [Translate]
    12. Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’ [Translate]
    13. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ [Translate]
    14. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’ [Translate]
    15. Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel [Translate]
  23. Feature-Policy 지시문
    1. Feature-Policy: accelerometer [Translate]
    2. Feature-Policy: ambient-light-sensor [Translate]
    3. Feature-Policy: autoplay [Translate]
    4. Feature-Policy: battery [Translate]
    5. Feature-Policy: camera [Translate]
    6. Feature-Policy: display-capture [Translate]
    7. Feature-Policy: document-domain [Translate]
    8. Feature-Policy: encrypted-media [Translate]
    9. Feature-Policy: fullscreen [Translate]
    10. Feature-Policy: geolocation [Translate]
    11. Feature-Policy: gyroscope [Translate]
    12. Feature-Policy: layout-animations [Translate]
    13. Feature-Policy: legacy-image-formats [Translate]
    14. Feature-Policy: magnetometer [Translate]
    15. Feature-Policy: microphone [Translate]
    16. Feature-Policy: midi [Translate]
    17. Feature-Policy: oversized-images [Translate]
    18. Feature-Policy: payment [Translate]
    19. Feature-Policy: picture-in-picture [Translate]
    20. Feature-Policy: publickey-credentials [Translate]
    21. Feature-Policy: speaker [Translate]
    22. Feature-Policy: sync-xhr [Translate]
    23. Feature-Policy: unoptimized-images [Translate]
    24. Feature-Policy: unsized-media [Translate]
    25. Feature-Policy: usb [Translate]
    26. Feature-Policy: vibrate [Translate]
    27. Feature-Policy: vr [Translate]
    28. Feature-Policy: wake-lock [Translate]
    29. Feature-Policy: xr [Translate]
    30. Feature-Policy: xr-spatial-tracking [Translate]