39 lines
1.4 KiB
ReStructuredText
39 lines
1.4 KiB
ReStructuredText
===============================
|
|
Assign CORS headers to requests
|
|
===============================
|
|
|
|
:term:`Cross-Origin Resource Sharing (CORS)` is a specification that
|
|
defines how browsers and servers communicate across origins by using
|
|
HTTP headers, such as those assigned by Object Storage API
|
|
requests. The Object Storage API supports the following headers:
|
|
|
|
- Access-Control-Allow-Credentials
|
|
- Access-Control-Allow-Methods
|
|
- Access-Control-Allow-Origin
|
|
- Access-Control-Expose-Headers
|
|
- Access-Control-Max-Age
|
|
- Access-Control-Request-Headers
|
|
- Access-Control-Request-Method
|
|
- Origin
|
|
|
|
You can only assign these headers to objects. For more information, see
|
|
`www.w3.org/TR/access-control/ <http://www.w3.org/TR/access-control/>`__.
|
|
|
|
This example assigns the file origin to the ``Origin`` header, which
|
|
ensures that the file originated from a reputable source.
|
|
|
|
.. code-block:: console
|
|
|
|
$ curl -i -X POST -H "Origin: example.com" -H "X-Auth-Token:
|
|
48e17715dfce47bb90dc2a336f63493a"
|
|
https://storage.example.com/v1/MossoCloudFS_c31366f1-9f1c-40dc-a
|
|
b92-6b3f0b5a8c45/ephotos
|
|
HTTP/1.1 204 No Content
|
|
Content-Length: 0
|
|
Content-Type: text/html; charset=UTF-8
|
|
Access-Control-Allow-Origin: example.com
|
|
Access-Control-Expose-Headers: cache-control, content-language,
|
|
content-type, expires, last-modified, pragma, etag, x-timestamp, x-trans-id
|
|
X-Trans-Id: tx979bfe26be6649c489ada-0054cba1d9ord1
|
|
Date: Fri, 30 Jan 2015 15:23:05 GMT
|