Support: 1-800-961-4454
Sales Chat
1-800-961-2888

CORS Headers For Cloud Files Content Available Now

3

Rackspace is pleased to announce the release of CORS (Cross Origin Resource Sharing) headers for Cloud Files content. CORS headers can be used to open communication between the browser and Cloud Files.

As you may know, Cloud Files already supports the concept of Form Post, but when using JavaScipt, users will be burdened by the cross-site security protection that are enforced at the browser-level. However, there are many cases, like developing web applications or control panels, where the browser may need to interact with Cloud Files. To allow for this communication, users should make sure their JavaScript makes a preflight request to Cloud Files, which will send the browser a list of supported origins. If the origin of the browser is allowed, the browser can continue to make the PUTs and POSTs to Cloud Files.

Setting up CORS headers in Cloud Files is simple for API users (this feature is not yet available in our Control Panels). Using the API, set metadata on your containers for the following:

X-Container-Meta-Access-Control-Allow-Origin
This is a list of origins allowed to make cross origin requests, and should be space separated

X-Container-Access-Control-Max-Age
The length of time, in seconds, that you want the origin to hold the preflight results

X-Container-Meta-Access-Control-Allow-Headers
These are headers that you allow in the request from the browser

CORS headers should be used in conjunction with Form Post and Temp URL.  You can get details about using this feature in our Cloud Files API Developer guide.

If you have additional questions, please feel free to ask them here, contact our Fanatical Support Team or email me directly at megan.wohlford@rackspace.com.

About the Author

This is a post written and contributed by Megan Wohlford.


More
3 Comments

Hi Megan,

This is great and I’ve managed to get everything working except for one thing!

The OPTIONS “pre-flight” request works fine, and I can see the Access-Control-Allow-Origin header in the response.

Then the POST request gets accepted but I see no response in Chrome and can see the following error in the console:

XMLHttpRequest cannot load https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_/TEST. Origin http:// is not allowed by Access-Control-Allow-Origin.

So it looks like the POST response doesn’t contain the header, even though the OPTIONS response does. Is this something that’s not supported?

Frustratingly the file actually uploads fine, just I can’t tell that by inspecting the response!

Many thanks,

James

avatar James Morcom on July 2, 2013 | Reply

Just noting I’ve modified the console error to remove personal data!

avatar James Morcom on July 2, 2013

Can you confirm that the CORS headers will be available for all files in the container, accessed via CDN?

http://docs.rackspace.com/files/api/v1/cf-devguide/content/CORS_Container_Header-d1e1300.html

avatar alan blount on August 22, 2013 | Reply

Leave a New Comment

(Required)


Racker Powered
©2014 Rackspace, US Inc.