Overview of CORS
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
ZIOS supports CORS via Swift API requests to containers and objects. CORS metadata is held on the container only; the values given apply to the container itself and all objects within it.
Before a browser issues an actual request, it may issue a preflight request. The preflight request is an OPTIONS call to verify that the Origin is allowed to make the request. The sequence of events is:
1. OPTIONS request to ZIOS
2. 401 to browser based on allowed origins
3. 200, browser makes the "actual request" to ZIOS, i.e.
The max age for a client application to hold this preflight result can also be configured.
The CORS functionality is configured via the Swift API using the following headers:
| Header | Description |
|---|---|
| X-Container-Meta-Access-Control-Allow-Origin | Origins to be allowed to make Cross Origin Requests, space separated. |
| X-Container-Meta-Access-Control-Max-Age | Max age for the Origin to hold the preflight results. |
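
As an added illustration (not Zadara's code), the following lints the values about to be sent in the two headers above and models the 200/401 preflight answer described earlier. It assumes each listed entry is compared to the request's Origin as an exact string and that `*` matches any origin; the function names and sample values are constructed for the example.

```python
from urllib.parse import urlsplit

ALLOW_ORIGIN = "X-Container-Meta-Access-Control-Allow-Origin"
MAX_AGE = "X-Container-Meta-Access-Control-Max-Age"

# Constructed sample metadata, not taken from a real container.
SAMPLE = {
    ALLOW_ORIGIN: "https://app.example.com http://legacy.example.com "
                  "https://cdn.example.com/ *",
    MAX_AGE: "600",
}


def audit_cors(headers):
    """Return findings for the two CORS metadata headers of one container."""
    findings = []
    origins = headers.get(ALLOW_ORIGIN, "").split()  # space separated list
    for origin in origins:
        parts = urlsplit(origin)
        if origin == "*":
            findings.append("'*' allows every origin")
        elif origin == "null":
            findings.append("'null' is sent by sandboxed iframes and file:// pages")
        elif "," in origin:
            findings.append(f"{origin!r} contains a comma; the list is space separated")
        elif parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append(f"{origin!r} is not scheme://host[:port]")
        elif parts.path or parts.query or parts.fragment:
            findings.append(f"{origin!r} has a path; browsers send Origin without one")
        elif parts.scheme == "http":
            findings.append(f"{origin!r} is plain http")
    max_age = headers.get(MAX_AGE)
    if max_age is not None and not max_age.strip().isdigit():
        findings.append(f"max age {max_age!r} is not a non-negative integer")
    return findings


def preflight_status(headers, request_origin):
    """Model the preflight answer: 200 if the Origin is listed, else 401."""
    # Assumption: exact string match per entry, '*' matches any origin.
    origins = headers.get(ALLOW_ORIGIN, "").split()
    return 200 if "*" in origins or request_origin in origins else 401


if __name__ == "__main__":
    for finding in audit_cors(SAMPLE):
        print("finding:", finding)
    print(preflight_status(SAMPLE, "https://unlisted.example.net"))
```

Running the audit before the POST catches entries that either open the container to every site or can never match what a browser sends.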
CORS can be configured by making a POST request against a VPSA Object Storage Container (bucket) with the header(s) above. In the most basic form, this could be done as follows:
curl -X POST -H 'X-Auth-Token: <token>' \
-H 'X-Container-Meta-Access-Control-Allow-Origin: <origins_to_allow>' \