13.3.2. CORS headers for objects

You can set object-level headers for CORS. Currently, using object-level headers enables CORS to work over a CDN (Section 2.7: “CDN-enabled containers”).

The following table lists the object-level headers:

Table 13.2. CORS object-level headers

| Header | Description |
|---|---|
| Access-Control-Allow-Origin | Specifies the origins that are allowed to make cross-origin requests, separated by a space when there are multiple values. |
| Access-Control-Max-Age | Specifies the maximum age for the origin to hold the preflight results, in seconds (for example, 5, 10, or 1000). |
| Access-Control-Expose-Headers | Specifies the headers exposed to the browser in the actual request response, separated by a space when there are multiple values. |
| Access-Control-Allow-Credentials | Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Simple GET requests are not preflighted, so if a request for a resource is made with credentials and this header is not returned with the resource, the browser ignores the response and does not return it to web content. |
| Access-Control-Allow-Methods | Specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. |
| Access-Control-Request-Headers | Used when issuing a preflight request to let the server know what HTTP headers will be used when the actual request is made. |
| Access-Control-Request-Method | Used when issuing a preflight request to let the server know what HTTP method will be used when the actual request is made. |
| Origin | Indicates the origin of the cross-site access request or preflight request. |

The following example assigns the file origin to the Origin header to indicate where the file came from. Doing so provides assurance that requests to your Cloud Files repository do indeed come from the correct origin.

 

Example 13.14. Assign CORS header request for an object

  POST /apiVersion/yourAccountID/containerName/objectName HTTP/1.1
  Host: storage.clouddrive.com
  X-Auth-Token: yourAuthToken
  Origin: http://storage.clouddrive.com
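
A lint for the Table 13.2 header values before they are set on an object, as an added example that is not part of the original guide. The function names and sample values are constructed for illustration, and the wildcard-with-credentials check reflects standard browser CORS behavior rather than anything specific to Cloud Files.

```python
from urllib.parse import urlsplit


def check_origin(value):
    """Return None if value is a well-formed origin (scheme://host[:port]), else a reason."""
    if value == "*":
        return None
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        return "scheme must be http or https"
    if not parts.hostname:
        return "missing host"
    if parts.path or parts.query or parts.fragment:
        # Browsers send Origin without a path, so such an entry can never match.
        return "origin must not include a path, query, or fragment"
    return None


def lint_cors_headers(headers):
    """Lint object-level CORS header values; returns a list of findings."""
    findings = []
    # Multiple origins are separated by a space (Table 13.2).
    origins = headers.get("Access-Control-Allow-Origin", "").split()
    for origin in origins:
        reason = check_origin(origin)
        if reason:
            findings.append(f"Access-Control-Allow-Origin {origin!r}: {reason}")
    creds = headers.get("Access-Control-Allow-Credentials", "").strip().lower()
    if creds == "true" and "*" in origins:
        # Browsers refuse credentialed responses whose allowed origin is "*".
        findings.append("wildcard origin combined with Access-Control-Allow-Credentials")
    max_age = headers.get("Access-Control-Max-Age")
    if max_age is not None:
        text = max_age.strip()
        if not (text.isascii() and text.isdigit()):
            findings.append(f"Access-Control-Max-Age {max_age!r}: must be whole seconds")
    return findings


def origin_allowed(request_origin, allow_origin_value):
    """Exact-match a request's Origin against the space-separated allow list."""
    allowed = allow_origin_value.split()
    return "*" in allowed or request_origin in allowed


if __name__ == "__main__":
    sample = {  # constructed sample values
        "Access-Control-Allow-Origin": "* https://app.example.com/upload example.com",
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Max-Age": "10s",
    }
    for finding in lint_cors_headers(sample):
        print(finding)
```

Matching is by exact string comparison, so an allow-list entry must be spelled exactly as the browser sends the Origin header (scheme, host, and port, with no trailing slash).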
                     


