CORS Headers For Cloud Files Content Available Now

Rackspace is pleased to announce the release of CORS (Cross Origin Resource Sharing) headers for Cloud Files content. CORS headers can be used to open communication between the browser and Cloud Files.

As you may know, Cloud Files already supports the concept of Form Post, but when using JavaScipt, users will be burdened by the cross-site security protection that are enforced at the browser-level. However, there are many cases, like developing web applications or control panels, where the browser may need to interact with Cloud Files. To allow for this communication, users should make sure their JavaScript makes a preflight request to Cloud Files, which will send the browser a list of supported origins. If the origin of the browser is allowed, the browser can continue to make the PUTs and POSTs to Cloud Files.

Setting up CORS headers in Cloud Files is simple for API users (this feature is not yet available in our Control Panels). Using the API, set metadata on your containers for the following:

This is a list of origins allowed to make cross origin requests, and should be space separated

The length of time, in seconds, that you want the origin to hold the preflight results

These are headers that you allow in the request from the browser

CORS headers should be used in conjunction with Form Post and Temp URL.  You can get details about using this feature in our Cloud Files API Developer guide.

If you have additional questions, please feel free to ask them here, contact our Fanatical Support Team or email me directly at

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at


  1. Hi Megan,

    This is great and I’ve managed to get everything working except for one thing!

    The OPTIONS “pre-flight” request works fine, and I can see the Access-Control-Allow-Origin header in the response.

    Then the POST request gets accepted but I see no response in Chrome and can see the following error in the console:

    XMLHttpRequest cannot load Origin http:// is not allowed by Access-Control-Allow-Origin.

    So it looks like the POST response doesn’t contain the header, even though the OPTIONS response does. Is this something that’s not supported?

    Frustratingly the file actually uploads fine, just I can’t tell that by inspecting the response!

    Many thanks,



Please enter your comment!
Please enter your name here