allow_options
Version: v2025-02-18 | Includes use: Yes |
---|
Behavior name: Allow OPTIONS
GET
, HEAD
, and OPTIONS
requests are allowed by default. All other HTTP methods result in a 501
error. For full support of Cross-Origin Resource Sharing (CORS), you need to allow requests that use the OPTIONS
method. If you're using the cors_support
behavior, do not disable OPTIONS
requests. The response to an OPTIONS
request is not cached, so the request always goes through the Akamai network to your origin, unless you use the construct_response
behavior to send responses directly from the Akamai network. See also the allow_delete
, allow_patch
, allow_post
, and allow_put
behaviors.
Default behavior
These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.
data "akamai_property_rules_builder" "allow_options" {
rules_v2025_02_18 {
name = "Allow OPTIONS"
comments = "GET, HEAD, and OPTIONS requests are allowed by default."
behavior {
allow_options {
enabled = true
}
}
}
"behaviors": [
{
"name": "allowOptions",
"options": {
"enabled": true
}
}
]
Options
Option | Description |
---|---|
enabled |
Set this to
true to reflect the default policy where edge servers allow the OPTIONS method, without caching the response. Set this to false to deny OPTIONS requests and respond with a 501 error.
|
Updated 10 days ago