options( )

A function that responds to requests made with the HTTP OPTIONS method.

Description

The HTTP OPTIONS method is usually called by consumers attempting to identify the allowed request methods or as part of a CORS preflight request. If defined in this way, the function should respond with a 204 (No Content) status code and header data that indicates which methods are allowed and from which origins.

The value for the "Access-Control-Allow-Origin" response header determines whether the response can be shared with a given requesting origin. Its value can be one of "*", a single specific origin URL, or null as described here. Due to security concerns, it is recommended that you use a single specific origin URL whenever possible. If you need to allow more than one origin URL, you should validate that the requesting origin is allowed access and then echo it back in the response header.

Respond to the request by returning a WixHttpFunctionResponse object you create using the response() function.

The options() function is not a function that you call from your code. You define the function in a file named http-functions.js in your site's Backend section. The function is called when your users make HTTP requests using the associated URLs as described below.

All OPTIONS requests with the following URL will be routed to this function:

Premium sites:

https://www.{user_domain}/_functions/<functionName>

Copy Code

Free sites:

https://{user_name}.wixsite.com/{site_name}/_functions/<functionName>

Copy Code

Note: You must publish your site at least once before using both the testing and production endpoints. After that, you save your site for changes you make to testing endpoints to take effect and you publish your site for changes you make to the production endpoints to take effect.

Syntax

function options(request: wixhttpfunctionrequest-obj): WixHttpFunctionResponse

options Parameters

NAME

TYPE

DESCRIPTION

request

wixhttpfunctionrequest-obj

The request object.

Returns

Return Type:

WixHttpFunctionResponse

Was this helpful?

Create an OPTIONS HTTP function

This example creates an OPTIONS HTTP function named myFunction.

Copy Code

1// In http-functions.js
2
3import {response} from 'wix-http-functions';
4
5// URL looks like:
6// https://www.mysite.com/_functions/myFunction/
7// or:
8// https://user.wixsite.com/mysite/_functions/myFunction/
9
10export function options_myFunction(request) {
11  let headers = {
12      "Access-Control-Allow-Origin": "https://www.example.com",
13      "Access-Control-Allow-Methods": "POST, GET, OPTIONS",
14      "Access-Control-Max-Age": "86400"
15  }
16  return response({"status": 204, "headers": headers});
17}
18

Create an OPTIONS HTTP function that validates the origin

This example creates an OPTIONS HTTP function named myFunction which validates the origin using a validate() function that you must define.

Copy Code

1// In http-functions.js
2
3import {response} from 'wix-http-functions';
4
5// URL looks like:
6// https://www.mysite.com/_functions/myFunction/
7// or:
8// https://user.wixsite.com/mysite/_functions/myFunction/
9
10export function options_myFunction(request) {
11  let headers = {
12      "Access-Control-Allow-Methods": "POST, GET, OPTIONS",
13      "Access-Control-Max-Age": "86400"
14  }
15
16  // send allowed origin header only if origin
17  // is validated by some validation function
18  if(validate(request.headers.origin)) {
19    headers["Access-Control-Allow-Origin"] = request.headers.origin;
20  }
21
22  return response({"status": 204, "headers": headers});
23}
24