GuideReference
Guide

allow_​options

Suggest Edits
Version: v2025-02-18Includes use: Yes

Behavior name: Allow OPTIONS

GET, HEAD, and OPTIONS requests are allowed by default. All other HTTP methods result in a 501 error. For full support of Cross-Origin Resource Sharing (CORS), you need to allow requests that use the OPTIONS method. If you're using the cors​_support behavior, do not disable OPTIONS requests. The response to an OPTIONS request is not cached, so the request always goes through the Akamai network to your origin, unless you use the construct​_response behavior to send responses directly from the Akamai network. See also the allow​_delete, allow​_patch, allow​_post, and allow​_put behaviors.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "allow_options" {
  rules_v2025_02_18 {
    name     = "Allow OPTIONS"
    comments = "GET, HEAD, and OPTIONS requests are allowed by default."
    behavior {
      allow_options {
        enabled = true
    }
  }
}

"behaviors": [
  {
    "name": "allowOptions",
    "options": {
      "enabled": true
    }
  }
]

Options

Option Description
enabled
Boolean
Set this to true to reflect the default policy where edge servers allow the OPTIONS method, without caching the response. Set this to false to deny OPTIONS requests and respond with a 501 error.

Updated 10 days ago