[#39] Add CORS

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-08-05 22:09:19 +03:00 · 2022-08-05 22:09:19 +03:00 · d18312ecde
commit d18312ecde
parent 6e01a0ead7
44 changed files with 2613 additions and 148 deletions
--- a/gen/models/error.go
+++ b/gen/models/error.go
@ -1,27 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-import (
-	"context"
-
-	"github.com/go-openapi/strfmt"
-)
-
-// Error error
-//
-// swagger:model Error
-type Error string
-
-// Validate validates this error
-func (m Error) Validate(formats strfmt.Registry) error {
-	return nil
-}
-
-// ContextValidate validates this error based on context it is used
-func (m Error) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
-	return nil
-}
--- a/gen/restapi/embedded_spec.go
+++ b/gen/restapi/embedded_spec.go
@ -53,6 +53,11 @@ func init() {
            "description": "Balance of address in NeoFS",
            "schema": {
              "$ref": "#/definitions/Balance"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -111,6 +116,11 @@ func init() {
              "items": {
                "$ref": "#/definitions/TokenResponse"
              }
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -120,6 +130,23 @@ func init() {
            }
          }
        }
+      },
+      "options": {
+        "security": [],
+        "operationId": "optionsAuth",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
      }
    },
    "/containers": {
@ -157,6 +184,11 @@ func init() {
            "description": "Containers info.",
            "schema": {
              "$ref": "#/definitions/ContainerList"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -213,6 +245,11 @@ func init() {
              "example": {
                "containerId": "5HZTn5qkRnmgSz9gSrw22CEdPPk6nQhkwf2Mgzyvkikv"
              }
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -222,6 +259,26 @@ func init() {
            }
          }
        }
+      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersPutList",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
      }
    },
    "/containers/{containerId}": {
@ -234,6 +291,11 @@ func init() {
            "description": "Container info.",
            "schema": {
              "$ref": "#/definitions/ContainerInfo"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -263,6 +325,11 @@ func init() {
            "description": "Successful deletion.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -273,6 +340,26 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersGetDelete",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
        {
          "$ref": "#/parameters/containerId"
@ -289,6 +376,11 @@ func init() {
            "description": "Container EACL information.",
            "schema": {
              "$ref": "#/definitions/Eacl"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -327,6 +419,11 @@ func init() {
            "description": "Successful EACL updating.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -337,6 +434,26 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersEACL",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
        {
          "$ref": "#/parameters/containerId"
@ -354,6 +471,15 @@ func init() {
        "summary": "Upload object to NeoFS",
        "operationId": "putObject",
        "parameters": [
+          {
+            "$ref": "#/parameters/signatureParam"
+          },
+          {
+            "$ref": "#/parameters/signatureKeyParam"
+          },
+          {
+            "$ref": "#/parameters/signatureScheme"
+          },
          {
            "description": "Object info to upload",
            "name": "object",
@ -369,6 +495,11 @@ func init() {
            "description": "Address of uploaded objects",
            "schema": {
              "$ref": "#/definitions/Address"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -379,23 +510,41 @@ func init() {
          }
        }
      },
-      "parameters": [
-        {
-          "$ref": "#/parameters/signatureParam"
-        },
-        {
-          "$ref": "#/parameters/signatureKeyParam"
-        },
-        {
-          "$ref": "#/parameters/signatureScheme"
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsPut",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
        }
-      ]
+      }
    },
    "/objects/{containerId}/search": {
      "post": {
        "summary": "Search objects by filters",
        "operationId": "searchObjects",
        "parameters": [
+          {
+            "$ref": "#/parameters/signatureParam"
+          },
+          {
+            "$ref": "#/parameters/signatureKeyParam"
+          },
+          {
+            "$ref": "#/parameters/signatureScheme"
+          },
          {
            "type": "integer",
            "default": 0,
@ -427,6 +576,11 @@ func init() {
            "description": "List of objects",
            "schema": {
              "$ref": "#/definitions/ObjectList"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -437,16 +591,24 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsSearch",
+        "responses": {
+          "200": {
+            "description": "Base64 encoded stable binary marshaled bearer token.",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
-        {
-          "$ref": "#/parameters/signatureParam"
-        },
-        {
-          "$ref": "#/parameters/signatureKeyParam"
-        },
-        {
-          "$ref": "#/parameters/signatureScheme"
-        },
        {
          "$ref": "#/parameters/containerId"
        }
@ -457,6 +619,15 @@ func init() {
        "summary": "Get object info by address",
        "operationId": "getObjectInfo",
        "parameters": [
+          {
+            "$ref": "#/parameters/signatureParam"
+          },
+          {
+            "$ref": "#/parameters/signatureKeyParam"
+          },
+          {
+            "$ref": "#/parameters/signatureScheme"
+          },
          {
            "type": "integer",
            "description": "Range offset to start reading data.",
@ -484,6 +655,11 @@ func init() {
            "description": "Object info",
            "schema": {
              "$ref": "#/definitions/ObjectInfo"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -497,11 +673,27 @@ func init() {
      "delete": {
        "summary": "Remove object from NeoFS",
        "operationId": "deleteObject",
+        "parameters": [
+          {
+            "$ref": "#/parameters/signatureParam"
+          },
+          {
+            "$ref": "#/parameters/signatureKeyParam"
+          },
+          {
+            "$ref": "#/parameters/signatureScheme"
+          }
+        ],
        "responses": {
          "200": {
            "description": "Successful deletion.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -512,16 +704,27 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsGetDelete",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
-        {
-          "$ref": "#/parameters/signatureParam"
-        },
-        {
-          "$ref": "#/parameters/signatureKeyParam"
-        },
-        {
-          "$ref": "#/parameters/signatureScheme"
-        },
        {
          "$ref": "#/parameters/containerId"
        },
@ -1381,6 +1584,11 @@ func init() {
            "description": "Balance of address in NeoFS",
            "schema": {
              "$ref": "#/definitions/Balance"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1439,6 +1647,11 @@ func init() {
              "items": {
                "$ref": "#/definitions/TokenResponse"
              }
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1448,6 +1661,23 @@ func init() {
            }
          }
        }
+      },
+      "options": {
+        "security": [],
+        "operationId": "optionsAuth",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
      }
    },
    "/containers": {
@ -1486,6 +1716,11 @@ func init() {
            "description": "Containers info.",
            "schema": {
              "$ref": "#/definitions/ContainerList"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1554,6 +1789,11 @@ func init() {
              "example": {
                "containerId": "5HZTn5qkRnmgSz9gSrw22CEdPPk6nQhkwf2Mgzyvkikv"
              }
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1563,6 +1803,26 @@ func init() {
            }
          }
        }
+      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersPutList",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
      }
    },
    "/containers/{containerId}": {
@ -1575,6 +1835,11 @@ func init() {
            "description": "Container info.",
            "schema": {
              "$ref": "#/definitions/ContainerInfo"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1616,6 +1881,11 @@ func init() {
            "description": "Successful deletion.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1626,6 +1896,26 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersGetDelete",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
        {
          "type": "string",
@ -1646,6 +1936,11 @@ func init() {
            "description": "Container EACL information.",
            "schema": {
              "$ref": "#/definitions/Eacl"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1696,6 +1991,11 @@ func init() {
            "description": "Successful EACL updating.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1706,6 +2006,26 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsContainersEACL",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
        {
          "type": "string",
@ -1727,6 +2047,27 @@ func init() {
        "summary": "Upload object to NeoFS",
        "operationId": "putObject",
        "parameters": [
+          {
+            "type": "string",
+            "description": "Base64 encoded signature for bearer token.",
+            "name": "X-Bearer-Signature",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "Hex encoded the public part of the key that signed the bearer token.",
+            "name": "X-Bearer-Signature-Key",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Use wallet connect signature scheme or native NeoFS signature.",
+            "name": "walletConnect",
+            "in": "query"
+          },
          {
            "description": "Object info to upload",
            "name": "object",
@ -1742,6 +2083,11 @@ func init() {
            "description": "Address of uploaded objects",
            "schema": {
              "$ref": "#/definitions/Address"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1752,35 +2098,53 @@ func init() {
          }
        }
      },
-      "parameters": [
-        {
-          "type": "string",
-          "description": "Base64 encoded signature for bearer token.",
-          "name": "X-Bearer-Signature",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "string",
-          "description": "Hex encoded the public part of the key that signed the bearer token.",
-          "name": "X-Bearer-Signature-Key",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "boolean",
-          "default": false,
-          "description": "Use wallet connect signature scheme or native NeoFS signature.",
-          "name": "walletConnect",
-          "in": "query"
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsPut",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
        }
-      ]
+      }
    },
    "/objects/{containerId}/search": {
      "post": {
        "summary": "Search objects by filters",
        "operationId": "searchObjects",
        "parameters": [
+          {
+            "type": "string",
+            "description": "Base64 encoded signature for bearer token.",
+            "name": "X-Bearer-Signature",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "Hex encoded the public part of the key that signed the bearer token.",
+            "name": "X-Bearer-Signature-Key",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Use wallet connect signature scheme or native NeoFS signature.",
+            "name": "walletConnect",
+            "in": "query"
+          },
          {
            "minimum": 0,
            "type": "integer",
@ -1813,6 +2177,11 @@ func init() {
            "description": "List of objects",
            "schema": {
              "$ref": "#/definitions/ObjectList"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1823,28 +2192,24 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsSearch",
+        "responses": {
+          "200": {
+            "description": "Base64 encoded stable binary marshaled bearer token.",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
-        {
-          "type": "string",
-          "description": "Base64 encoded signature for bearer token.",
-          "name": "X-Bearer-Signature",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "string",
-          "description": "Hex encoded the public part of the key that signed the bearer token.",
-          "name": "X-Bearer-Signature-Key",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "boolean",
-          "default": false,
-          "description": "Use wallet connect signature scheme or native NeoFS signature.",
-          "name": "walletConnect",
-          "in": "query"
-        },
        {
          "type": "string",
          "description": "Base58 encoded container id.",
@ -1859,6 +2224,27 @@ func init() {
        "summary": "Get object info by address",
        "operationId": "getObjectInfo",
        "parameters": [
+          {
+            "type": "string",
+            "description": "Base64 encoded signature for bearer token.",
+            "name": "X-Bearer-Signature",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "Hex encoded the public part of the key that signed the bearer token.",
+            "name": "X-Bearer-Signature-Key",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Use wallet connect signature scheme or native NeoFS signature.",
+            "name": "walletConnect",
+            "in": "query"
+          },
          {
            "minimum": 0,
            "type": "integer",
@ -1888,6 +2274,11 @@ func init() {
            "description": "Object info",
            "schema": {
              "$ref": "#/definitions/ObjectInfo"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1901,11 +2292,39 @@ func init() {
      "delete": {
        "summary": "Remove object from NeoFS",
        "operationId": "deleteObject",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "Base64 encoded signature for bearer token.",
+            "name": "X-Bearer-Signature",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "Hex encoded the public part of the key that signed the bearer token.",
+            "name": "X-Bearer-Signature-Key",
+            "in": "header",
+            "required": true
+          },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Use wallet connect signature scheme or native NeoFS signature.",
+            "name": "walletConnect",
+            "in": "query"
+          }
+        ],
        "responses": {
          "200": {
            "description": "Successful deletion.",
            "schema": {
              "$ref": "#/definitions/SuccessResponse"
+            },
+            "headers": {
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
            }
          },
          "400": {
@ -1916,28 +2335,27 @@ func init() {
          }
        }
      },
+      "options": {
+        "security": [],
+        "operationId": "optionsObjectsGetDelete",
+        "responses": {
+          "200": {
+            "description": "CORS",
+            "headers": {
+              "Access-Control-Allow-Headers": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Methods": {
+                "type": "string"
+              },
+              "Access-Control-Allow-Origin": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      },
      "parameters": [
-        {
-          "type": "string",
-          "description": "Base64 encoded signature for bearer token.",
-          "name": "X-Bearer-Signature",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "string",
-          "description": "Hex encoded the public part of the key that signed the bearer token.",
-          "name": "X-Bearer-Signature-Key",
-          "in": "header",
-          "required": true
-        },
-        {
-          "type": "boolean",
-          "default": false,
-          "description": "Use wallet connect signature scheme or native NeoFS signature.",
-          "name": "walletConnect",
-          "in": "query"
-        },
        {
          "type": "string",
          "description": "Base58 encoded container id.",
--- a/gen/restapi/operations/auth_responses.go
+++ b/gen/restapi/operations/auth_responses.go
@ -21,6 +21,10 @@ const AuthOKCode int = 200
 swagger:response authOK
 */
 type AuthOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewAuthOK() *AuthOK {
 	return &AuthOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the auth o k response
+func (o *AuthOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *AuthOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the auth o k response
+func (o *AuthOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the auth o k response
 func (o *AuthOK) WithPayload(payload []*models.TokenResponse) *AuthOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *AuthOK) SetPayload(payload []*models.TokenResponse) {
 // WriteResponse to the client
 func (o *AuthOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	payload := o.Payload
 	if payload == nil {
--- a/gen/restapi/operations/delete_container_responses.go
+++ b/gen/restapi/operations/delete_container_responses.go
@ -21,6 +21,10 @@ const DeleteContainerOKCode int = 200
 swagger:response deleteContainerOK
 */
 type DeleteContainerOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewDeleteContainerOK() *DeleteContainerOK {
 	return &DeleteContainerOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the delete container o k response
+func (o *DeleteContainerOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *DeleteContainerOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the delete container o k response
+func (o *DeleteContainerOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the delete container o k response
 func (o *DeleteContainerOK) WithPayload(payload *models.SuccessResponse) *DeleteContainerOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *DeleteContainerOK) SetPayload(payload *models.SuccessResponse) {
 // WriteResponse to the client
 func (o *DeleteContainerOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/delete_object_responses.go
+++ b/gen/restapi/operations/delete_object_responses.go
@ -21,6 +21,10 @@ const DeleteObjectOKCode int = 200
 swagger:response deleteObjectOK
 */
 type DeleteObjectOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewDeleteObjectOK() *DeleteObjectOK {
 	return &DeleteObjectOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the delete object o k response
+func (o *DeleteObjectOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *DeleteObjectOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the delete object o k response
+func (o *DeleteObjectOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the delete object o k response
 func (o *DeleteObjectOK) WithPayload(payload *models.SuccessResponse) *DeleteObjectOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *DeleteObjectOK) SetPayload(payload *models.SuccessResponse) {
 // WriteResponse to the client
 func (o *DeleteObjectOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/get_balance_responses.go
+++ b/gen/restapi/operations/get_balance_responses.go
@ -21,6 +21,10 @@ const GetBalanceOKCode int = 200
 swagger:response getBalanceOK
 */
 type GetBalanceOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewGetBalanceOK() *GetBalanceOK {
 	return &GetBalanceOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the get balance o k response
+func (o *GetBalanceOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *GetBalanceOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the get balance o k response
+func (o *GetBalanceOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the get balance o k response
 func (o *GetBalanceOK) WithPayload(payload *models.Balance) *GetBalanceOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *GetBalanceOK) SetPayload(payload *models.Balance) {
 // WriteResponse to the client
 func (o *GetBalanceOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/get_container_e_acl_responses.go
+++ b/gen/restapi/operations/get_container_e_acl_responses.go
@ -21,6 +21,10 @@ const GetContainerEACLOKCode int = 200
 swagger:response getContainerEAclOK
 */
 type GetContainerEACLOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewGetContainerEACLOK() *GetContainerEACLOK {
 	return &GetContainerEACLOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the get container e Acl o k response
+func (o *GetContainerEACLOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *GetContainerEACLOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the get container e Acl o k response
+func (o *GetContainerEACLOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the get container e Acl o k response
 func (o *GetContainerEACLOK) WithPayload(payload *models.Eacl) *GetContainerEACLOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *GetContainerEACLOK) SetPayload(payload *models.Eacl) {
 // WriteResponse to the client
 func (o *GetContainerEACLOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/get_container_responses.go
+++ b/gen/restapi/operations/get_container_responses.go
@ -21,6 +21,10 @@ const GetContainerOKCode int = 200
 swagger:response getContainerOK
 */
 type GetContainerOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewGetContainerOK() *GetContainerOK {
 	return &GetContainerOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the get container o k response
+func (o *GetContainerOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *GetContainerOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the get container o k response
+func (o *GetContainerOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the get container o k response
 func (o *GetContainerOK) WithPayload(payload *models.ContainerInfo) *GetContainerOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *GetContainerOK) SetPayload(payload *models.ContainerInfo) {
 // WriteResponse to the client
 func (o *GetContainerOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/get_object_info_responses.go
+++ b/gen/restapi/operations/get_object_info_responses.go
@ -21,6 +21,10 @@ const GetObjectInfoOKCode int = 200
 swagger:response getObjectInfoOK
 */
 type GetObjectInfoOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewGetObjectInfoOK() *GetObjectInfoOK {
 	return &GetObjectInfoOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the get object info o k response
+func (o *GetObjectInfoOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *GetObjectInfoOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the get object info o k response
+func (o *GetObjectInfoOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the get object info o k response
 func (o *GetObjectInfoOK) WithPayload(payload *models.ObjectInfo) *GetObjectInfoOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *GetObjectInfoOK) SetPayload(payload *models.ObjectInfo) {
 // WriteResponse to the client
 func (o *GetObjectInfoOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/list_containers_responses.go
+++ b/gen/restapi/operations/list_containers_responses.go
@ -21,6 +21,10 @@ const ListContainersOKCode int = 200
 swagger:response listContainersOK
 */
 type ListContainersOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewListContainersOK() *ListContainersOK {
 	return &ListContainersOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the list containers o k response
+func (o *ListContainersOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *ListContainersOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the list containers o k response
+func (o *ListContainersOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the list containers o k response
 func (o *ListContainersOK) WithPayload(payload *models.ContainerList) *ListContainersOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *ListContainersOK) SetPayload(payload *models.ContainerList) {
 // WriteResponse to the client
 func (o *ListContainersOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/neofs_rest_gw_api.go
+++ b/gen/restapi/operations/neofs_rest_gw_api.go
@ -68,6 +68,27 @@ func NewNeofsRestGwAPI(spec *loads.Document) *NeofsRestGwAPI {
 		ListContainersHandler: ListContainersHandlerFunc(func(params ListContainersParams) middleware.Responder {
 			return middleware.NotImplemented("operation ListContainers has not yet been implemented")
 		}),
+		OptionsAuthHandler: OptionsAuthHandlerFunc(func(params OptionsAuthParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsAuth has not yet been implemented")
+		}),
+		OptionsContainersEACLHandler: OptionsContainersEACLHandlerFunc(func(params OptionsContainersEACLParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsContainersEACL has not yet been implemented")
+		}),
+		OptionsContainersGetDeleteHandler: OptionsContainersGetDeleteHandlerFunc(func(params OptionsContainersGetDeleteParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsContainersGetDelete has not yet been implemented")
+		}),
+		OptionsContainersPutListHandler: OptionsContainersPutListHandlerFunc(func(params OptionsContainersPutListParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsContainersPutList has not yet been implemented")
+		}),
+		OptionsObjectsGetDeleteHandler: OptionsObjectsGetDeleteHandlerFunc(func(params OptionsObjectsGetDeleteParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsObjectsGetDelete has not yet been implemented")
+		}),
+		OptionsObjectsPutHandler: OptionsObjectsPutHandlerFunc(func(params OptionsObjectsPutParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsObjectsPut has not yet been implemented")
+		}),
+		OptionsObjectsSearchHandler: OptionsObjectsSearchHandlerFunc(func(params OptionsObjectsSearchParams) middleware.Responder {
+			return middleware.NotImplemented("operation OptionsObjectsSearch has not yet been implemented")
+		}),
 		PutContainerHandler: PutContainerHandlerFunc(func(params PutContainerParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation PutContainer has not yet been implemented")
 		}),
@ -146,6 +167,20 @@ type NeofsRestGwAPI struct {
 	GetObjectInfoHandler GetObjectInfoHandler
 	// ListContainersHandler sets the operation handler for the list containers operation
 	ListContainersHandler ListContainersHandler
+	// OptionsAuthHandler sets the operation handler for the options auth operation
+	OptionsAuthHandler OptionsAuthHandler
+	// OptionsContainersEACLHandler sets the operation handler for the options containers e ACL operation
+	OptionsContainersEACLHandler OptionsContainersEACLHandler
+	// OptionsContainersGetDeleteHandler sets the operation handler for the options containers get delete operation
+	OptionsContainersGetDeleteHandler OptionsContainersGetDeleteHandler
+	// OptionsContainersPutListHandler sets the operation handler for the options containers put list operation
+	OptionsContainersPutListHandler OptionsContainersPutListHandler
+	// OptionsObjectsGetDeleteHandler sets the operation handler for the options objects get delete operation
+	OptionsObjectsGetDeleteHandler OptionsObjectsGetDeleteHandler
+	// OptionsObjectsPutHandler sets the operation handler for the options objects put operation
+	OptionsObjectsPutHandler OptionsObjectsPutHandler
+	// OptionsObjectsSearchHandler sets the operation handler for the options objects search operation
+	OptionsObjectsSearchHandler OptionsObjectsSearchHandler
 	// PutContainerHandler sets the operation handler for the put container operation
 	PutContainerHandler PutContainerHandler
 	// PutContainerEACLHandler sets the operation handler for the put container e ACL operation
@ -259,6 +294,27 @@ func (o *NeofsRestGwAPI) Validate() error {
 	if o.ListContainersHandler == nil {
 		unregistered = append(unregistered, "ListContainersHandler")
 	}
+	if o.OptionsAuthHandler == nil {
+		unregistered = append(unregistered, "OptionsAuthHandler")
+	}
+	if o.OptionsContainersEACLHandler == nil {
+		unregistered = append(unregistered, "OptionsContainersEACLHandler")
+	}
+	if o.OptionsContainersGetDeleteHandler == nil {
+		unregistered = append(unregistered, "OptionsContainersGetDeleteHandler")
+	}
+	if o.OptionsContainersPutListHandler == nil {
+		unregistered = append(unregistered, "OptionsContainersPutListHandler")
+	}
+	if o.OptionsObjectsGetDeleteHandler == nil {
+		unregistered = append(unregistered, "OptionsObjectsGetDeleteHandler")
+	}
+	if o.OptionsObjectsPutHandler == nil {
+		unregistered = append(unregistered, "OptionsObjectsPutHandler")
+	}
+	if o.OptionsObjectsSearchHandler == nil {
+		unregistered = append(unregistered, "OptionsObjectsSearchHandler")
+	}
 	if o.PutContainerHandler == nil {
 		unregistered = append(unregistered, "PutContainerHandler")
 	}
@ -402,6 +458,34 @@ func (o *NeofsRestGwAPI) initHandlerCache() {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
 	o.handlers["GET"]["/containers"] = NewListContainers(o.context, o.ListContainersHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/auth"] = NewOptionsAuth(o.context, o.OptionsAuthHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/containers/{containerId}/eacl"] = NewOptionsContainersEACL(o.context, o.OptionsContainersEACLHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/containers/{containerId}"] = NewOptionsContainersGetDelete(o.context, o.OptionsContainersGetDeleteHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/containers"] = NewOptionsContainersPutList(o.context, o.OptionsContainersPutListHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/objects/{containerId}/{objectId}"] = NewOptionsObjectsGetDelete(o.context, o.OptionsObjectsGetDeleteHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/objects"] = NewOptionsObjectsPut(o.context, o.OptionsObjectsPutHandler)
+	if o.handlers["OPTIONS"] == nil {
+		o.handlers["OPTIONS"] = make(map[string]http.Handler)
+	}
+	o.handlers["OPTIONS"]["/objects/{containerId}/search"] = NewOptionsObjectsSearch(o.context, o.OptionsObjectsSearchHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
--- a/gen/restapi/operations/options_auth.go
+++ b/gen/restapi/operations/options_auth.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsAuthHandlerFunc turns a function with the right signature into a options auth handler
+type OptionsAuthHandlerFunc func(OptionsAuthParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsAuthHandlerFunc) Handle(params OptionsAuthParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsAuthHandler interface for that can handle valid options auth params
+type OptionsAuthHandler interface {
+	Handle(OptionsAuthParams) middleware.Responder
+}
+
+// NewOptionsAuth creates a new http.Handler for the options auth operation
+func NewOptionsAuth(ctx *middleware.Context, handler OptionsAuthHandler) *OptionsAuth {
+	return &OptionsAuth{Context: ctx, Handler: handler}
+}
+
+/* OptionsAuth swagger:route OPTIONS /auth optionsAuth
+
+OptionsAuth options auth API
+
+*/
+type OptionsAuth struct {
+	Context *middleware.Context
+	Handler OptionsAuthHandler
+}
+
+func (o *OptionsAuth) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsAuthParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_auth_parameters.go
+++ b/gen/restapi/operations/options_auth_parameters.go
@ -0,0 +1,46 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// NewOptionsAuthParams creates a new OptionsAuthParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsAuthParams() OptionsAuthParams {
+
+	return OptionsAuthParams{}
+}
+
+// OptionsAuthParams contains all the bound params for the options auth operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsAuth
+type OptionsAuthParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsAuthParams() beforehand.
+func (o *OptionsAuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
--- a/gen/restapi/operations/options_auth_responses.go
+++ b/gen/restapi/operations/options_auth_responses.go
@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsAuthOKCode is the HTTP code returned for type OptionsAuthOK
+const OptionsAuthOKCode int = 200
+
+/*OptionsAuthOK CORS
+
+swagger:response optionsAuthOK
+*/
+type OptionsAuthOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsAuthOK creates OptionsAuthOK with default headers values
+func NewOptionsAuthOK() *OptionsAuthOK {
+
+	return &OptionsAuthOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options auth o k response
+func (o *OptionsAuthOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsAuthOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options auth o k response
+func (o *OptionsAuthOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options auth o k response
+func (o *OptionsAuthOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsAuthOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options auth o k response
+func (o *OptionsAuthOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsAuthOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_containers_e_acl.go
+++ b/gen/restapi/operations/options_containers_e_acl.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsContainersEACLHandlerFunc turns a function with the right signature into a options containers e ACL handler
+type OptionsContainersEACLHandlerFunc func(OptionsContainersEACLParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsContainersEACLHandlerFunc) Handle(params OptionsContainersEACLParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsContainersEACLHandler interface for that can handle valid options containers e ACL params
+type OptionsContainersEACLHandler interface {
+	Handle(OptionsContainersEACLParams) middleware.Responder
+}
+
+// NewOptionsContainersEACL creates a new http.Handler for the options containers e ACL operation
+func NewOptionsContainersEACL(ctx *middleware.Context, handler OptionsContainersEACLHandler) *OptionsContainersEACL {
+	return &OptionsContainersEACL{Context: ctx, Handler: handler}
+}
+
+/* OptionsContainersEACL swagger:route OPTIONS /containers/{containerId}/eacl optionsContainersEAcl
+
+OptionsContainersEACL options containers e ACL API
+
+*/
+type OptionsContainersEACL struct {
+	Context *middleware.Context
+	Handler OptionsContainersEACLHandler
+}
+
+func (o *OptionsContainersEACL) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsContainersEACLParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_containers_e_acl_parameters.go
+++ b/gen/restapi/operations/options_containers_e_acl_parameters.go
@ -0,0 +1,71 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewOptionsContainersEACLParams creates a new OptionsContainersEACLParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsContainersEACLParams() OptionsContainersEACLParams {
+
+	return OptionsContainersEACLParams{}
+}
+
+// OptionsContainersEACLParams contains all the bound params for the options containers e ACL operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsContainersEACL
+type OptionsContainersEACLParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*Base58 encoded container id.
+	  Required: true
+	  In: path
+	*/
+	ContainerID string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsContainersEACLParams() beforehand.
+func (o *OptionsContainersEACLParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rContainerID, rhkContainerID, _ := route.Params.GetOK("containerId")
+	if err := o.bindContainerID(rContainerID, rhkContainerID, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindContainerID binds and validates parameter ContainerID from path.
+func (o *OptionsContainersEACLParams) bindContainerID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.ContainerID = raw
+
+	return nil
+}
--- a/gen/restapi/operations/options_containers_e_acl_responses.go
+++ b/gen/restapi/operations/options_containers_e_acl_responses.go
@ -0,0 +1,102 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsContainersEACLOKCode is the HTTP code returned for type OptionsContainersEACLOK
+const OptionsContainersEACLOKCode int = 200
+
+/*OptionsContainersEACLOK CORS
+
+swagger:response optionsContainersEAclOK
+*/
+type OptionsContainersEACLOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowMethods string `json:"Access-Control-Allow-Methods"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsContainersEACLOK creates OptionsContainersEACLOK with default headers values
+func NewOptionsContainersEACLOK() *OptionsContainersEACLOK {
+
+	return &OptionsContainersEACLOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsContainersEACLOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowMethods adds the accessControlAllowMethods to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) WithAccessControlAllowMethods(accessControlAllowMethods string) *OptionsContainersEACLOK {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+	return o
+}
+
+// SetAccessControlAllowMethods sets the accessControlAllowMethods to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) SetAccessControlAllowMethods(accessControlAllowMethods string) {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsContainersEACLOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options containers e Acl o k response
+func (o *OptionsContainersEACLOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsContainersEACLOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Methods
+
+	accessControlAllowMethods := o.AccessControlAllowMethods
+	if accessControlAllowMethods != "" {
+		rw.Header().Set("Access-Control-Allow-Methods", accessControlAllowMethods)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_containers_get_delete.go
+++ b/gen/restapi/operations/options_containers_get_delete.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsContainersGetDeleteHandlerFunc turns a function with the right signature into a options containers get delete handler
+type OptionsContainersGetDeleteHandlerFunc func(OptionsContainersGetDeleteParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsContainersGetDeleteHandlerFunc) Handle(params OptionsContainersGetDeleteParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsContainersGetDeleteHandler interface for that can handle valid options containers get delete params
+type OptionsContainersGetDeleteHandler interface {
+	Handle(OptionsContainersGetDeleteParams) middleware.Responder
+}
+
+// NewOptionsContainersGetDelete creates a new http.Handler for the options containers get delete operation
+func NewOptionsContainersGetDelete(ctx *middleware.Context, handler OptionsContainersGetDeleteHandler) *OptionsContainersGetDelete {
+	return &OptionsContainersGetDelete{Context: ctx, Handler: handler}
+}
+
+/* OptionsContainersGetDelete swagger:route OPTIONS /containers/{containerId} optionsContainersGetDelete
+
+OptionsContainersGetDelete options containers get delete API
+
+*/
+type OptionsContainersGetDelete struct {
+	Context *middleware.Context
+	Handler OptionsContainersGetDeleteHandler
+}
+
+func (o *OptionsContainersGetDelete) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsContainersGetDeleteParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_containers_get_delete_parameters.go
+++ b/gen/restapi/operations/options_containers_get_delete_parameters.go
@ -0,0 +1,71 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewOptionsContainersGetDeleteParams creates a new OptionsContainersGetDeleteParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsContainersGetDeleteParams() OptionsContainersGetDeleteParams {
+
+	return OptionsContainersGetDeleteParams{}
+}
+
+// OptionsContainersGetDeleteParams contains all the bound params for the options containers get delete operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsContainersGetDelete
+type OptionsContainersGetDeleteParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*Base58 encoded container id.
+	  Required: true
+	  In: path
+	*/
+	ContainerID string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsContainersGetDeleteParams() beforehand.
+func (o *OptionsContainersGetDeleteParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rContainerID, rhkContainerID, _ := route.Params.GetOK("containerId")
+	if err := o.bindContainerID(rContainerID, rhkContainerID, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindContainerID binds and validates parameter ContainerID from path.
+func (o *OptionsContainersGetDeleteParams) bindContainerID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.ContainerID = raw
+
+	return nil
+}
--- a/gen/restapi/operations/options_containers_get_delete_responses.go
+++ b/gen/restapi/operations/options_containers_get_delete_responses.go
@ -0,0 +1,102 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsContainersGetDeleteOKCode is the HTTP code returned for type OptionsContainersGetDeleteOK
+const OptionsContainersGetDeleteOKCode int = 200
+
+/*OptionsContainersGetDeleteOK CORS
+
+swagger:response optionsContainersGetDeleteOK
+*/
+type OptionsContainersGetDeleteOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowMethods string `json:"Access-Control-Allow-Methods"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsContainersGetDeleteOK creates OptionsContainersGetDeleteOK with default headers values
+func NewOptionsContainersGetDeleteOK() *OptionsContainersGetDeleteOK {
+
+	return &OptionsContainersGetDeleteOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsContainersGetDeleteOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowMethods adds the accessControlAllowMethods to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) WithAccessControlAllowMethods(accessControlAllowMethods string) *OptionsContainersGetDeleteOK {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+	return o
+}
+
+// SetAccessControlAllowMethods sets the accessControlAllowMethods to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) SetAccessControlAllowMethods(accessControlAllowMethods string) {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsContainersGetDeleteOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options containers get delete o k response
+func (o *OptionsContainersGetDeleteOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsContainersGetDeleteOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Methods
+
+	accessControlAllowMethods := o.AccessControlAllowMethods
+	if accessControlAllowMethods != "" {
+		rw.Header().Set("Access-Control-Allow-Methods", accessControlAllowMethods)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_containers_put_list.go
+++ b/gen/restapi/operations/options_containers_put_list.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsContainersPutListHandlerFunc turns a function with the right signature into a options containers put list handler
+type OptionsContainersPutListHandlerFunc func(OptionsContainersPutListParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsContainersPutListHandlerFunc) Handle(params OptionsContainersPutListParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsContainersPutListHandler interface for that can handle valid options containers put list params
+type OptionsContainersPutListHandler interface {
+	Handle(OptionsContainersPutListParams) middleware.Responder
+}
+
+// NewOptionsContainersPutList creates a new http.Handler for the options containers put list operation
+func NewOptionsContainersPutList(ctx *middleware.Context, handler OptionsContainersPutListHandler) *OptionsContainersPutList {
+	return &OptionsContainersPutList{Context: ctx, Handler: handler}
+}
+
+/* OptionsContainersPutList swagger:route OPTIONS /containers optionsContainersPutList
+
+OptionsContainersPutList options containers put list API
+
+*/
+type OptionsContainersPutList struct {
+	Context *middleware.Context
+	Handler OptionsContainersPutListHandler
+}
+
+func (o *OptionsContainersPutList) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsContainersPutListParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_containers_put_list_parameters.go
+++ b/gen/restapi/operations/options_containers_put_list_parameters.go
@ -0,0 +1,46 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// NewOptionsContainersPutListParams creates a new OptionsContainersPutListParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsContainersPutListParams() OptionsContainersPutListParams {
+
+	return OptionsContainersPutListParams{}
+}
+
+// OptionsContainersPutListParams contains all the bound params for the options containers put list operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsContainersPutList
+type OptionsContainersPutListParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsContainersPutListParams() beforehand.
+func (o *OptionsContainersPutListParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
--- a/gen/restapi/operations/options_containers_put_list_responses.go
+++ b/gen/restapi/operations/options_containers_put_list_responses.go
@ -0,0 +1,102 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsContainersPutListOKCode is the HTTP code returned for type OptionsContainersPutListOK
+const OptionsContainersPutListOKCode int = 200
+
+/*OptionsContainersPutListOK CORS
+
+swagger:response optionsContainersPutListOK
+*/
+type OptionsContainersPutListOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowMethods string `json:"Access-Control-Allow-Methods"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsContainersPutListOK creates OptionsContainersPutListOK with default headers values
+func NewOptionsContainersPutListOK() *OptionsContainersPutListOK {
+
+	return &OptionsContainersPutListOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options containers put list o k response
+func (o *OptionsContainersPutListOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsContainersPutListOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options containers put list o k response
+func (o *OptionsContainersPutListOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowMethods adds the accessControlAllowMethods to the options containers put list o k response
+func (o *OptionsContainersPutListOK) WithAccessControlAllowMethods(accessControlAllowMethods string) *OptionsContainersPutListOK {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+	return o
+}
+
+// SetAccessControlAllowMethods sets the accessControlAllowMethods to the options containers put list o k response
+func (o *OptionsContainersPutListOK) SetAccessControlAllowMethods(accessControlAllowMethods string) {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options containers put list o k response
+func (o *OptionsContainersPutListOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsContainersPutListOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options containers put list o k response
+func (o *OptionsContainersPutListOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsContainersPutListOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Methods
+
+	accessControlAllowMethods := o.AccessControlAllowMethods
+	if accessControlAllowMethods != "" {
+		rw.Header().Set("Access-Control-Allow-Methods", accessControlAllowMethods)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_objects_get_delete.go
+++ b/gen/restapi/operations/options_objects_get_delete.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsObjectsGetDeleteHandlerFunc turns a function with the right signature into a options objects get delete handler
+type OptionsObjectsGetDeleteHandlerFunc func(OptionsObjectsGetDeleteParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsObjectsGetDeleteHandlerFunc) Handle(params OptionsObjectsGetDeleteParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsObjectsGetDeleteHandler interface for that can handle valid options objects get delete params
+type OptionsObjectsGetDeleteHandler interface {
+	Handle(OptionsObjectsGetDeleteParams) middleware.Responder
+}
+
+// NewOptionsObjectsGetDelete creates a new http.Handler for the options objects get delete operation
+func NewOptionsObjectsGetDelete(ctx *middleware.Context, handler OptionsObjectsGetDeleteHandler) *OptionsObjectsGetDelete {
+	return &OptionsObjectsGetDelete{Context: ctx, Handler: handler}
+}
+
+/* OptionsObjectsGetDelete swagger:route OPTIONS /objects/{containerId}/{objectId} optionsObjectsGetDelete
+
+OptionsObjectsGetDelete options objects get delete API
+
+*/
+type OptionsObjectsGetDelete struct {
+	Context *middleware.Context
+	Handler OptionsObjectsGetDeleteHandler
+}
+
+func (o *OptionsObjectsGetDelete) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsObjectsGetDeleteParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_objects_get_delete_parameters.go
+++ b/gen/restapi/operations/options_objects_get_delete_parameters.go
@ -0,0 +1,95 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewOptionsObjectsGetDeleteParams creates a new OptionsObjectsGetDeleteParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsObjectsGetDeleteParams() OptionsObjectsGetDeleteParams {
+
+	return OptionsObjectsGetDeleteParams{}
+}
+
+// OptionsObjectsGetDeleteParams contains all the bound params for the options objects get delete operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsObjectsGetDelete
+type OptionsObjectsGetDeleteParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*Base58 encoded container id.
+	  Required: true
+	  In: path
+	*/
+	ContainerID string
+	/*Base58 encoded object id.
+	  Required: true
+	  In: path
+	*/
+	ObjectID string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsObjectsGetDeleteParams() beforehand.
+func (o *OptionsObjectsGetDeleteParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rContainerID, rhkContainerID, _ := route.Params.GetOK("containerId")
+	if err := o.bindContainerID(rContainerID, rhkContainerID, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rObjectID, rhkObjectID, _ := route.Params.GetOK("objectId")
+	if err := o.bindObjectID(rObjectID, rhkObjectID, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindContainerID binds and validates parameter ContainerID from path.
+func (o *OptionsObjectsGetDeleteParams) bindContainerID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.ContainerID = raw
+
+	return nil
+}
+
+// bindObjectID binds and validates parameter ObjectID from path.
+func (o *OptionsObjectsGetDeleteParams) bindObjectID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.ObjectID = raw
+
+	return nil
+}
--- a/gen/restapi/operations/options_objects_get_delete_responses.go
+++ b/gen/restapi/operations/options_objects_get_delete_responses.go
@ -0,0 +1,102 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsObjectsGetDeleteOKCode is the HTTP code returned for type OptionsObjectsGetDeleteOK
+const OptionsObjectsGetDeleteOKCode int = 200
+
+/*OptionsObjectsGetDeleteOK CORS
+
+swagger:response optionsObjectsGetDeleteOK
+*/
+type OptionsObjectsGetDeleteOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowMethods string `json:"Access-Control-Allow-Methods"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsObjectsGetDeleteOK creates OptionsObjectsGetDeleteOK with default headers values
+func NewOptionsObjectsGetDeleteOK() *OptionsObjectsGetDeleteOK {
+
+	return &OptionsObjectsGetDeleteOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsObjectsGetDeleteOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowMethods adds the accessControlAllowMethods to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) WithAccessControlAllowMethods(accessControlAllowMethods string) *OptionsObjectsGetDeleteOK {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+	return o
+}
+
+// SetAccessControlAllowMethods sets the accessControlAllowMethods to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) SetAccessControlAllowMethods(accessControlAllowMethods string) {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsObjectsGetDeleteOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options objects get delete o k response
+func (o *OptionsObjectsGetDeleteOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsObjectsGetDeleteOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Methods
+
+	accessControlAllowMethods := o.AccessControlAllowMethods
+	if accessControlAllowMethods != "" {
+		rw.Header().Set("Access-Control-Allow-Methods", accessControlAllowMethods)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_objects_put.go
+++ b/gen/restapi/operations/options_objects_put.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsObjectsPutHandlerFunc turns a function with the right signature into a options objects put handler
+type OptionsObjectsPutHandlerFunc func(OptionsObjectsPutParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsObjectsPutHandlerFunc) Handle(params OptionsObjectsPutParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsObjectsPutHandler interface for that can handle valid options objects put params
+type OptionsObjectsPutHandler interface {
+	Handle(OptionsObjectsPutParams) middleware.Responder
+}
+
+// NewOptionsObjectsPut creates a new http.Handler for the options objects put operation
+func NewOptionsObjectsPut(ctx *middleware.Context, handler OptionsObjectsPutHandler) *OptionsObjectsPut {
+	return &OptionsObjectsPut{Context: ctx, Handler: handler}
+}
+
+/* OptionsObjectsPut swagger:route OPTIONS /objects optionsObjectsPut
+
+OptionsObjectsPut options objects put API
+
+*/
+type OptionsObjectsPut struct {
+	Context *middleware.Context
+	Handler OptionsObjectsPutHandler
+}
+
+func (o *OptionsObjectsPut) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsObjectsPutParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_objects_put_parameters.go
+++ b/gen/restapi/operations/options_objects_put_parameters.go
@ -0,0 +1,46 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// NewOptionsObjectsPutParams creates a new OptionsObjectsPutParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsObjectsPutParams() OptionsObjectsPutParams {
+
+	return OptionsObjectsPutParams{}
+}
+
+// OptionsObjectsPutParams contains all the bound params for the options objects put operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsObjectsPut
+type OptionsObjectsPutParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsObjectsPutParams() beforehand.
+func (o *OptionsObjectsPutParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
--- a/gen/restapi/operations/options_objects_put_responses.go
+++ b/gen/restapi/operations/options_objects_put_responses.go
@ -0,0 +1,102 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsObjectsPutOKCode is the HTTP code returned for type OptionsObjectsPutOK
+const OptionsObjectsPutOKCode int = 200
+
+/*OptionsObjectsPutOK CORS
+
+swagger:response optionsObjectsPutOK
+*/
+type OptionsObjectsPutOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowMethods string `json:"Access-Control-Allow-Methods"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsObjectsPutOK creates OptionsObjectsPutOK with default headers values
+func NewOptionsObjectsPutOK() *OptionsObjectsPutOK {
+
+	return &OptionsObjectsPutOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options objects put o k response
+func (o *OptionsObjectsPutOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsObjectsPutOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options objects put o k response
+func (o *OptionsObjectsPutOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowMethods adds the accessControlAllowMethods to the options objects put o k response
+func (o *OptionsObjectsPutOK) WithAccessControlAllowMethods(accessControlAllowMethods string) *OptionsObjectsPutOK {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+	return o
+}
+
+// SetAccessControlAllowMethods sets the accessControlAllowMethods to the options objects put o k response
+func (o *OptionsObjectsPutOK) SetAccessControlAllowMethods(accessControlAllowMethods string) {
+	o.AccessControlAllowMethods = accessControlAllowMethods
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options objects put o k response
+func (o *OptionsObjectsPutOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsObjectsPutOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options objects put o k response
+func (o *OptionsObjectsPutOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsObjectsPutOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Methods
+
+	accessControlAllowMethods := o.AccessControlAllowMethods
+	if accessControlAllowMethods != "" {
+		rw.Header().Set("Access-Control-Allow-Methods", accessControlAllowMethods)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/options_objects_search.go
+++ b/gen/restapi/operations/options_objects_search.go
@ -0,0 +1,56 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// OptionsObjectsSearchHandlerFunc turns a function with the right signature into a options objects search handler
+type OptionsObjectsSearchHandlerFunc func(OptionsObjectsSearchParams) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn OptionsObjectsSearchHandlerFunc) Handle(params OptionsObjectsSearchParams) middleware.Responder {
+	return fn(params)
+}
+
+// OptionsObjectsSearchHandler interface for that can handle valid options objects search params
+type OptionsObjectsSearchHandler interface {
+	Handle(OptionsObjectsSearchParams) middleware.Responder
+}
+
+// NewOptionsObjectsSearch creates a new http.Handler for the options objects search operation
+func NewOptionsObjectsSearch(ctx *middleware.Context, handler OptionsObjectsSearchHandler) *OptionsObjectsSearch {
+	return &OptionsObjectsSearch{Context: ctx, Handler: handler}
+}
+
+/* OptionsObjectsSearch swagger:route OPTIONS /objects/{containerId}/search optionsObjectsSearch
+
+OptionsObjectsSearch options objects search API
+
+*/
+type OptionsObjectsSearch struct {
+	Context *middleware.Context
+	Handler OptionsObjectsSearchHandler
+}
+
+func (o *OptionsObjectsSearch) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewOptionsObjectsSearchParams()
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/gen/restapi/operations/options_objects_search_parameters.go
+++ b/gen/restapi/operations/options_objects_search_parameters.go
@ -0,0 +1,71 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewOptionsObjectsSearchParams creates a new OptionsObjectsSearchParams object
+//
+// There are no default values defined in the spec.
+func NewOptionsObjectsSearchParams() OptionsObjectsSearchParams {
+
+	return OptionsObjectsSearchParams{}
+}
+
+// OptionsObjectsSearchParams contains all the bound params for the options objects search operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters optionsObjectsSearch
+type OptionsObjectsSearchParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*Base58 encoded container id.
+	  Required: true
+	  In: path
+	*/
+	ContainerID string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewOptionsObjectsSearchParams() beforehand.
+func (o *OptionsObjectsSearchParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rContainerID, rhkContainerID, _ := route.Params.GetOK("containerId")
+	if err := o.bindContainerID(rContainerID, rhkContainerID, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindContainerID binds and validates parameter ContainerID from path.
+func (o *OptionsObjectsSearchParams) bindContainerID(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.ContainerID = raw
+
+	return nil
+}
--- a/gen/restapi/operations/options_objects_search_responses.go
+++ b/gen/restapi/operations/options_objects_search_responses.go
@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package operations
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// OptionsObjectsSearchOKCode is the HTTP code returned for type OptionsObjectsSearchOK
+const OptionsObjectsSearchOKCode int = 200
+
+/*OptionsObjectsSearchOK Base64 encoded stable binary marshaled bearer token.
+
+swagger:response optionsObjectsSearchOK
+*/
+type OptionsObjectsSearchOK struct {
+	/*
+
+	 */
+	AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"`
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`
+}
+
+// NewOptionsObjectsSearchOK creates OptionsObjectsSearchOK with default headers values
+func NewOptionsObjectsSearchOK() *OptionsObjectsSearchOK {
+
+	return &OptionsObjectsSearchOK{}
+}
+
+// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options objects search o k response
+func (o *OptionsObjectsSearchOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsObjectsSearchOK {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+	return o
+}
+
+// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options objects search o k response
+func (o *OptionsObjectsSearchOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) {
+	o.AccessControlAllowHeaders = accessControlAllowHeaders
+}
+
+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options objects search o k response
+func (o *OptionsObjectsSearchOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsObjectsSearchOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options objects search o k response
+func (o *OptionsObjectsSearchOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
+// WriteResponse to the client
+func (o *OptionsObjectsSearchOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	// response header Access-Control-Allow-Headers
+
+	accessControlAllowHeaders := o.AccessControlAllowHeaders
+	if accessControlAllowHeaders != "" {
+		rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders)
+	}
+
+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
--- a/gen/restapi/operations/put_container_e_acl_responses.go
+++ b/gen/restapi/operations/put_container_e_acl_responses.go
@ -21,6 +21,10 @@ const PutContainerEACLOKCode int = 200
 swagger:response putContainerEAclOK
 */
 type PutContainerEACLOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewPutContainerEACLOK() *PutContainerEACLOK {
 	return &PutContainerEACLOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the put container e Acl o k response
+func (o *PutContainerEACLOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *PutContainerEACLOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the put container e Acl o k response
+func (o *PutContainerEACLOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the put container e Acl o k response
 func (o *PutContainerEACLOK) WithPayload(payload *models.SuccessResponse) *PutContainerEACLOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *PutContainerEACLOK) SetPayload(payload *models.SuccessResponse) {
 // WriteResponse to the client
 func (o *PutContainerEACLOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/put_container_responses.go
+++ b/gen/restapi/operations/put_container_responses.go
@ -21,6 +21,10 @@ const PutContainerOKCode int = 200
 swagger:response putContainerOK
 */
 type PutContainerOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewPutContainerOK() *PutContainerOK {
 	return &PutContainerOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the put container o k response
+func (o *PutContainerOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *PutContainerOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the put container o k response
+func (o *PutContainerOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the put container o k response
 func (o *PutContainerOK) WithPayload(payload *PutContainerOKBody) *PutContainerOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *PutContainerOK) SetPayload(payload *PutContainerOKBody) {
 // WriteResponse to the client
 func (o *PutContainerOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/put_object_responses.go
+++ b/gen/restapi/operations/put_object_responses.go
@ -21,6 +21,10 @@ const PutObjectOKCode int = 200
 swagger:response putObjectOK
 */
 type PutObjectOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewPutObjectOK() *PutObjectOK {
 	return &PutObjectOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the put object o k response
+func (o *PutObjectOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *PutObjectOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the put object o k response
+func (o *PutObjectOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the put object o k response
 func (o *PutObjectOK) WithPayload(payload *models.Address) *PutObjectOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *PutObjectOK) SetPayload(payload *models.Address) {
 // WriteResponse to the client
 func (o *PutObjectOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/gen/restapi/operations/search_objects_responses.go
+++ b/gen/restapi/operations/search_objects_responses.go
@ -21,6 +21,10 @@ const SearchObjectsOKCode int = 200
 swagger:response searchObjectsOK
 */
 type SearchObjectsOK struct {
+	/*
+
+	 */
+	AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"`

 	/*
 	  In: Body
@ -34,6 +38,17 @@ func NewSearchObjectsOK() *SearchObjectsOK {
 	return &SearchObjectsOK{}
 }

+// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the search objects o k response
+func (o *SearchObjectsOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *SearchObjectsOK {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+	return o
+}
+
+// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the search objects o k response
+func (o *SearchObjectsOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) {
+	o.AccessControlAllowOrigin = accessControlAllowOrigin
+}
+
 // WithPayload adds the payload to the search objects o k response
 func (o *SearchObjectsOK) WithPayload(payload *models.ObjectList) *SearchObjectsOK {
 	o.Payload = payload
@ -48,6 +63,13 @@ func (o *SearchObjectsOK) SetPayload(payload *models.ObjectList) {
 // WriteResponse to the client
 func (o *SearchObjectsOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

+	// response header Access-Control-Allow-Origin
+
+	accessControlAllowOrigin := o.AccessControlAllowOrigin
+	if accessControlAllowOrigin != "" {
+		rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin)
+	}
+
 	rw.WriteHeader(200)
 	if o.Payload != nil {
 		payload := o.Payload
--- a/handlers/api.go
+++ b/handlers/api.go
@ -78,21 +78,32 @@ func (a *API) Configure(api *operations.NeofsRestGwAPI) http.Handler {

 	api.UseSwaggerUI()

+	api.OptionsAuthHandler = operations.OptionsAuthHandlerFunc(a.OptionsAuth)
 	api.AuthHandler = operations.AuthHandlerFunc(a.PostAuth)

 	api.GetBalanceHandler = operations.GetBalanceHandlerFunc(a.Balance)

+	api.OptionsObjectsPutHandler = operations.OptionsObjectsPutHandlerFunc(a.OptionsObjectsPut)
 	api.PutObjectHandler = operations.PutObjectHandlerFunc(a.PutObjects)
+
+	api.OptionsObjectsGetDeleteHandler = operations.OptionsObjectsGetDeleteHandlerFunc(a.OptionsObjectsGetDelete)
 	api.GetObjectInfoHandler = operations.GetObjectInfoHandlerFunc(a.GetObjectInfo)
 	api.DeleteObjectHandler = operations.DeleteObjectHandlerFunc(a.DeleteObject)
+
+	api.OptionsObjectsSearchHandler = operations.OptionsObjectsSearchHandlerFunc(a.OptionsObjectSearch)
 	api.SearchObjectsHandler = operations.SearchObjectsHandlerFunc(a.SearchObjects)

+	api.OptionsContainersPutListHandler = operations.OptionsContainersPutListHandlerFunc(a.OptionsContainersPutList)
 	api.PutContainerHandler = operations.PutContainerHandlerFunc(a.PutContainers)
+	api.ListContainersHandler = operations.ListContainersHandlerFunc(a.ListContainer)
+
+	api.OptionsContainersGetDeleteHandler = operations.OptionsContainersGetDeleteHandlerFunc(a.OptionsContainersGetDelete)
 	api.GetContainerHandler = operations.GetContainerHandlerFunc(a.GetContainer)
 	api.DeleteContainerHandler = operations.DeleteContainerHandlerFunc(a.DeleteContainer)
+
+	api.OptionsContainersEACLHandler = operations.OptionsContainersEACLHandlerFunc(a.OptionsContainersEACL)
 	api.PutContainerEACLHandler = operations.PutContainerEACLHandlerFunc(a.PutContainerEACL)
 	api.GetContainerEACLHandler = operations.GetContainerEACLHandlerFunc(a.GetContainerEACL)
-	api.ListContainersHandler = operations.ListContainersHandlerFunc(a.ListContainer)

 	api.BearerAuthAuth = func(s string) (*models.Principal, error) {
 		if !strings.HasPrefix(s, BearerPrefix) {
--- a/handlers/auth.go
+++ b/handlers/auth.go
@ -97,7 +97,9 @@ func (a *API) PostAuth(params operations.AuthParams) middleware.Responder {
 		}
 	}

-	return operations.NewAuthOK().WithPayload(response)
+	return operations.NewAuthOK().
+		WithPayload(response).
+		WithAccessControlAllowOrigin("*")
 }

 func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *pool.Pool, owner user.ID) (*models.TokenResponse, error) {
--- a/handlers/balance.go
+++ b/handlers/balance.go
@ -33,5 +33,7 @@ func (a *API) Balance(params operations.GetBalanceParams) middleware.Responder {
 	resp.Value = util.NewString(strconv.FormatInt(neofsBalance.Value(), 10))
 	resp.Precision = util.NewInteger(int64(neofsBalance.Precision()))

-	return operations.NewGetBalanceOK().WithPayload(&resp)
+	return operations.NewGetBalanceOK().
+		WithPayload(&resp).
+		WithAccessControlAllowOrigin("*")
 }
--- a/handlers/containers.go
+++ b/handlers/containers.go
@ -60,7 +60,9 @@ func (a *API) PutContainers(params operations.PutContainerParams, principal *mod
 	var resp operations.PutContainerOKBody
 	resp.ContainerID = util.NewString(cnrID.EncodeToString())

-	return operations.NewPutContainerOK().WithPayload(&resp)
+	return operations.NewPutContainerOK().
+		WithPayload(&resp).
+		WithAccessControlAllowOrigin("*")
 }

 // GetContainer handler that returns container info.
@ -77,7 +79,9 @@ func (a *API) GetContainer(params operations.GetContainerParams) middleware.Resp
 		return operations.NewGetContainerBadRequest().WithPayload(resp)
 	}

-	return operations.NewGetContainerOK().WithPayload(cnrInfo)
+	return operations.NewGetContainerOK().
+		WithPayload(cnrInfo).
+		WithAccessControlAllowOrigin("*")
 }

 // PutContainerEACL handler that update container eacl.
@ -107,7 +111,9 @@ func (a *API) PutContainerEACL(params operations.PutContainerEACLParams, princip
 		return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
 	}

-	return operations.NewPutContainerEACLOK().WithPayload(util.NewSuccessResponse())
+	return operations.NewPutContainerEACLOK().
+		WithPayload(util.NewSuccessResponse()).
+		WithAccessControlAllowOrigin("*")
 }

 // GetContainerEACL handler that returns container eacl.
@ -124,7 +130,9 @@ func (a *API) GetContainerEACL(params operations.GetContainerEACLParams) middlew
 		return operations.NewGetContainerEACLBadRequest().WithPayload(errResp)
 	}

-	return operations.NewGetContainerEACLOK().WithPayload(resp)
+	return operations.NewGetContainerEACLOK().
+		WithPayload(resp).
+		WithAccessControlAllowOrigin("*")
 }

 // ListContainer handler that returns containers.
@ -154,7 +162,9 @@ func (a *API) ListContainer(params operations.ListContainersParams) middleware.R
 			Size:       util.NewInteger(0),
 			Containers: []*models.ContainerInfo{},
 		}
-		return operations.NewListContainersOK().WithPayload(res)
+		return operations.NewListContainersOK().
+			WithPayload(res).
+			WithAccessControlAllowOrigin("*")
 	}

 	if offset+size > len(ids) {
@ -175,7 +185,9 @@ func (a *API) ListContainer(params operations.ListContainersParams) middleware.R
 		res.Containers = append(res.Containers, cnrInfo)
 	}

-	return operations.NewListContainersOK().WithPayload(res)
+	return operations.NewListContainersOK().
+		WithPayload(res).
+		WithAccessControlAllowOrigin("*")
 }

 // DeleteContainer handler that returns container info.
@ -209,7 +221,9 @@ func (a *API) DeleteContainer(params operations.DeleteContainerParams, principal
 		return operations.NewDeleteContainerBadRequest().WithPayload(resp)
 	}

-	return operations.NewDeleteContainerOK().WithPayload(util.NewSuccessResponse())
+	return operations.NewDeleteContainerOK().
+		WithPayload(util.NewSuccessResponse()).
+		WithAccessControlAllowOrigin("*")
 }

 func getContainerInfo(ctx context.Context, p *pool.Pool, cnrID cid.ID) (*models.ContainerInfo, error) {
--- a/handlers/objects.go
+++ b/handlers/objects.go
@ -79,7 +79,9 @@ func (a *API) PutObjects(params operations.PutObjectParams, principal *models.Pr
 	resp.ContainerID = params.Object.ContainerID
 	resp.ObjectID = util.NewString(objID.String())

-	return operations.NewPutObjectOK().WithPayload(&resp)
+	return operations.NewPutObjectOK().
+		WithPayload(&resp).
+		WithAccessControlAllowOrigin("*")
 }

 // GetObjectInfo handler that get object info.
@ -173,7 +175,9 @@ func (a *API) GetObjectInfo(params operations.GetObjectInfoParams, principal *mo
 	resp.Payload = sb.String()
 	resp.PayloadSize = util.NewInteger(payloadSize)

-	return operations.NewGetObjectInfoOK().WithPayload(&resp)
+	return operations.NewGetObjectInfoOK().
+		WithPayload(&resp).
+		WithAccessControlAllowOrigin("*")
 }

 // DeleteObject handler that removes object from NeoFS.
@ -202,7 +206,9 @@ func (a *API) DeleteObject(params operations.DeleteObjectParams, principal *mode
 		return errorResponse.WithPayload(resp)
 	}

-	return operations.NewDeleteObjectOK().WithPayload(util.NewSuccessResponse())
+	return operations.NewDeleteObjectOK().
+		WithPayload(util.NewSuccessResponse()).
+		WithAccessControlAllowOrigin("*")
 }

 // SearchObjects handler that removes object from NeoFS.
@ -274,7 +280,9 @@ func (a *API) SearchObjects(params operations.SearchObjectsParams, principal *mo
 		Objects: objects,
 	}

-	return operations.NewSearchObjectsOK().WithPayload(list)
+	return operations.NewSearchObjectsOK().
+		WithPayload(list).
+		WithAccessControlAllowOrigin("*")
 }

 func headObjectBaseInfo(ctx context.Context, p *pool.Pool, cnrID cid.ID, objID oid.ID, btoken bearer.Token) (*models.ObjectBaseInfo, error) {
--- a/handlers/preflight.go
+++ b/handlers/preflight.go
@ -0,0 +1,59 @@
+package handlers
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/nspcc-dev/neofs-rest-gw/gen/restapi/operations"
+)
+
+const (
+	allOrigins   = "*"
+	allowMethods = "PUT, DELETE"
+	allowHeaders = "X-Bearer-Owner-Id, X-Bearer-Signature, X-Bearer-Signature-Key, Content-Type, Authorization"
+)
+
+func (a *API) OptionsAuth(operations.OptionsAuthParams) middleware.Responder {
+	return operations.NewOptionsAuthOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders)
+}
+
+func (a *API) OptionsObjectSearch(operations.OptionsObjectsSearchParams) middleware.Responder {
+	return operations.NewOptionsObjectsSearchOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders)
+}
+
+func (a *API) OptionsObjectsPut(operations.OptionsObjectsPutParams) middleware.Responder {
+	return operations.NewOptionsObjectsPutOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders).
+		WithAccessControlAllowMethods(allowMethods)
+}
+
+func (a *API) OptionsObjectsGetDelete(operations.OptionsObjectsGetDeleteParams) middleware.Responder {
+	return operations.NewOptionsObjectsGetDeleteOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders).
+		WithAccessControlAllowMethods(allowMethods)
+}
+
+func (a *API) OptionsContainersPutList(operations.OptionsContainersPutListParams) middleware.Responder {
+	return operations.NewOptionsContainersPutListOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders).
+		WithAccessControlAllowMethods(allowMethods)
+}
+
+func (a *API) OptionsContainersGetDelete(operations.OptionsContainersGetDeleteParams) middleware.Responder {
+	return operations.NewOptionsContainersGetDeleteOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders).
+		WithAccessControlAllowMethods(allowMethods)
+}
+
+func (a *API) OptionsContainersEACL(operations.OptionsContainersEACLParams) middleware.Responder {
+	return operations.NewOptionsContainersEACLOK().
+		WithAccessControlAllowOrigin(allOrigins).
+		WithAccessControlAllowHeaders(allowHeaders).
+		WithAccessControlAllowMethods(allowMethods)
+}
--- a/internal/util/transformers.go
+++ b/internal/util/transformers.go
@ -432,11 +432,6 @@ func NewBool(val bool) *bool {
 	return &val
 }

-// NewError wraps error into models.Error.
-func NewError(err error) models.Error {
-	return models.Error(err.Error())
-}
-
 // NewSuccessResponse forms model.SuccessResponse.
 func NewSuccessResponse() *models.SuccessResponse {
 	return &models.SuccessResponse{
--- a/spec/rest.yaml
+++ b/spec/rest.yaml
@ -53,6 +53,17 @@ parameters:

 paths:
  /auth:
+    options:
+      operationId: optionsAuth
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
    post:
      operationId: auth
      summary: Form bearer token to further requests
@ -83,6 +94,9 @@ paths:
      responses:
        200:
          description: Base64 encoded stable binary marshaled bearer token.
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          schema:
            type: array
            items:
@ -111,20 +125,35 @@ paths:
          description: Balance of address in NeoFS
          schema:
            $ref: '#/definitions/Balance'
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
        400:
          description: Bad request
          schema:
            $ref: '#/definitions/ErrorResponse'

  /objects:
-    parameters:
-      - $ref: '#/parameters/signatureParam'
-      - $ref: '#/parameters/signatureKeyParam'
-      - $ref: '#/parameters/signatureScheme'
+    options:
+      operationId: optionsObjectsPut
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
+            Access-Control-Allow-Methods:
+              type: string
    put:
      operationId: putObject
      summary: Upload object to NeoFS
      parameters:
+        - $ref: '#/parameters/signatureParam'
+        - $ref: '#/parameters/signatureKeyParam'
+        - $ref: '#/parameters/signatureScheme'
        - in: body
          required: true
          name: object
@ -137,6 +166,9 @@ paths:
        - application/json
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Address of uploaded objects
          schema:
            $ref: '#/definitions/Address'
@ -147,14 +179,25 @@ paths:

  /objects/{containerId}/search:
    parameters:
-      - $ref: '#/parameters/signatureParam'
-      - $ref: '#/parameters/signatureKeyParam'
-      - $ref: '#/parameters/signatureScheme'
      - $ref: '#/parameters/containerId'
+    options:
+      operationId: optionsObjectsSearch
+      security: []
+      responses:
+        200:
+          description: Base64 encoded stable binary marshaled bearer token.
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
    post:
      operationId: searchObjects
      summary: Search objects by filters
      parameters:
+        - $ref: '#/parameters/signatureParam'
+        - $ref: '#/parameters/signatureKeyParam'
+        - $ref: '#/parameters/signatureScheme'
        - in: query
          name: offset
          type: integer
@ -176,6 +219,9 @@ paths:
            $ref: '#/definitions/SearchFilters'
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: List of objects
          schema:
            $ref: '#/definitions/ObjectList'
@ -186,15 +232,28 @@ paths:

  /objects/{containerId}/{objectId}:
    parameters:
-      - $ref: '#/parameters/signatureParam'
-      - $ref: '#/parameters/signatureKeyParam'
-      - $ref: '#/parameters/signatureScheme'
      - $ref: '#/parameters/containerId'
      - $ref: '#/parameters/objectId'
+    options:
+      operationId: optionsObjectsGetDelete
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
+            Access-Control-Allow-Methods:
+              type: string
    get:
      operationId: getObjectInfo
      summary: Get object info by address
      parameters:
+        - $ref: '#/parameters/signatureParam'
+        - $ref: '#/parameters/signatureKeyParam'
+        - $ref: '#/parameters/signatureScheme'
        - in: query
          name: range-offset
          type: integer
@ -216,6 +275,9 @@ paths:
            If the actual size is greater than this params the payload won't be included in the response.
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Object info
          schema:
            $ref: '#/definitions/ObjectInfo'
@ -226,8 +288,15 @@ paths:
    delete:
      operationId: deleteObject
      summary: Remove object from NeoFS
+      parameters:
+        - $ref: '#/parameters/signatureParam'
+        - $ref: '#/parameters/signatureKeyParam'
+        - $ref: '#/parameters/signatureScheme'
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Successful deletion.
          schema:
            $ref: '#/definitions/SuccessResponse'
@ -237,6 +306,19 @@ paths:
            $ref: '#/definitions/ErrorResponse'

  /containers:
+    options:
+      operationId: optionsContainersPutList
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
+            Access-Control-Allow-Methods:
+              type: string
    put:
      operationId: putContainer
      summary: Create new container in NeoFS
@ -257,6 +339,9 @@ paths:
            $ref: '#/definitions/ContainerPutInfo'
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Identifier of the created container.
          schema:
            type: object
@ -296,6 +381,9 @@ paths:
          description: The numbers of containers to return.
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Containers info.
          schema:
            $ref: '#/definitions/ContainerList'
@ -307,12 +395,28 @@ paths:
  /containers/{containerId}:
    parameters:
      - $ref: '#/parameters/containerId'
+    options:
+      operationId: optionsContainersGetDelete
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
+            Access-Control-Allow-Methods:
+              type: string
    get:
      operationId: getContainer
      summary: Get container by id
      security: [ ]
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Container info.
          schema:
            $ref: '#/definitions/ContainerInfo'
@ -329,6 +433,9 @@ paths:
        - $ref: '#/parameters/signatureScheme'
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Successful deletion.
          schema:
            $ref: '#/definitions/SuccessResponse'
@ -336,9 +443,23 @@ paths:
          description: Bad request.
          schema:
            $ref: '#/definitions/ErrorResponse'
+
  /containers/{containerId}/eacl:
    parameters:
      - $ref: '#/parameters/containerId'
+    options:
+      operationId: optionsContainersEACL
+      security: [ ]
+      responses:
+        200:
+          description: CORS
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
+            Access-Control-Allow-Headers:
+              type: string
+            Access-Control-Allow-Methods:
+              type: string
    put:
      operationId: putContainerEACL
      summary: Set container EACL by id
@ -354,6 +475,9 @@ paths:
            $ref: '#/definitions/Eacl'
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Successful EACL updating.
          schema:
            $ref: '#/definitions/SuccessResponse'
@ -367,6 +491,9 @@ paths:
      security: [ ]
      responses:
        200:
+          headers:
+            Access-Control-Allow-Origin:
+              type: string
          description: Container EACL information.
          schema:
            $ref: '#/definitions/Eacl'