This guide shows how to set CORS headers in Rackspace Cloud Files to allow or restrict usage over the HTTPS protocol, and how to retrieve the headers. We talked about CORS in a previously published article. CORS headers can be set on individual files as well as on a container (a quite difficult method); afterwards, purge the file and use cURL to check the headers.
CORS Header in Rackspace Cloud Files : Importance and Official Documentation
Setting the right CORS headers in Rackspace Cloud Files is important with an HSTS- and SPDY-enabled frontend; otherwise modern browsers might block resources from loading, depending on the server configuration. CORS rules can likewise be set on Nginx. You can test CORS against your webpage with the console tool of the latest Chrome browser to check whether anything is getting blocked. The official documentation is available here:
http://www.rackspace.com/blog/cors-headers-for-cloud-files-content-available-now/
http://docs.rackspace.com/files/api/v1/cf-devguide/content/Assigning_CORS_Headers_to_Requests-d1e2120.html
CORS Header in Rackspace Cloud Files : Methods
We can set CORS from the Rackspace Cloud account by going to the container, clicking on the file, selecting a value and hitting the Return / Enter key. By default, the origin will be set to https://mycloud.rackspace.com; we need to delete that value and add our own domain as the origin. You must purge the file (if you have set a high max-age value, like 50 years, as I did :p). You can use curl to get the headers:
---
```
curl -I https://5bf5085ff6a0ff8a98e0-fbacee3e259cb36f1f312cedca614c38.ssl.cf2.rackcdn.com/icon-font.css
# output
HTTP/1.1 200 OK
Origin: https://thecustomizewindows.com
Last-Modified: Mon, 29 Sep 2014 21:39:20 GMT
ETag: ed522499b55558e5d2bd4851fe30ee96
X-Timestamp: 1412026759.06361
Access-Control-Allow-Credentials: https://thecustomizewindows.com
Access-Control-Allow-Origin: https://thecustomizewindows.com
Content-Type: text/css
X-Trans-Id: tx0792e29d4a23410cbaee0-00542a7850ord1
Cache-Control: public, max-age=25920000
Expires: Mon, 27 Jul 2015 09:30:56 GMT
Date: Tue, 30 Sep 2014 09:30:56 GMT
Connection: keep-alive
```
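To check a response like the one above against the origin you intended to allow, the following added example (not part of the original article or of any Rackspace tooling) audits the CORS headers in a captured response head. The function names are assumptions made for this example, and the sample reuses the CORS-relevant lines of the curl output above.

```python
# Added example: audit the CORS headers in a response head captured with `curl -I`.
import sys

# Response head from the article's own `curl -I` run (trimmed to the CORS-relevant lines).
SAMPLE = """\
HTTP/1.1 200 OK
Origin: https://thecustomizewindows.com
Access-Control-Allow-Credentials: https://thecustomizewindows.com
Access-Control-Allow-Origin: https://thecustomizewindows.com
"""

def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_cors(raw, expected_origin):
    """Return a list of findings; an empty list means the headers match the intent."""
    h = parse_headers(raw)
    acao = h.get("access-control-allow-origin", [])
    acac = h.get("access-control-allow-credentials", [])
    findings = []
    if not acao:
        findings.append("ACAO missing: browsers block cross-origin reads")
    elif len(acao) > 1 or "," in acao[0] or " " in acao[0]:
        findings.append("ACAO must carry exactly one origin")
    elif acao[0] == "*":
        findings.append("ACAO is *: any site may read this object")
    elif acao[0] != expected_origin:               # exact match, as browsers compare
        findings.append(f"ACAO is {acao[0]!r}, expected {expected_origin!r}")
    if any(v != "true" for v in acac):
        findings.append("ACAC must be the literal 'true'; other values are ignored")
    elif acac and acao == ["*"]:
        findings.append("ACAC true with ACAO *: browsers reject credentialed requests")
    if "origin" in h:
        findings.append("Origin is a request header; browsers ignore it on responses")
    return findings

if __name__ == "__main__":
    # Usage: curl -sI URL | python audit_cors.py https://your-site.example
    piped = len(sys.argv) > 1 and not sys.stdin.isatty()
    raw = sys.stdin.read() if piped else SAMPLE
    origin = sys.argv[1] if len(sys.argv) > 1 else "https://thecustomizewindows.com"
    for finding in audit_cors(raw, origin) or ["CORS headers match the intended origin"]:
        print(finding)
```

Run against the sample, it reports the `Access-Control-Allow-Credentials` value (only the literal `true` is valid there) and the stray `Origin` response header, while the `Access-Control-Allow-Origin` value passes.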
You should set CORS on NGINX as separate blocks to allow various origins, such as specifically for 5bf5085ff6a0ff8a98e0-fbacee3e259cb36f1f312cedca614c38.ssl.cf2.rackcdn.com in the above example. Multiple domain name CORS blocks are accepted unless there is a contradiction. Google Ads adds the CORS from account settings, which is why we never need to add Google-specific CORS. But the YouTube cookie domain must be allowed; you should periodically check random pages in Chrome to catch any blocked material.
Cyberduck is a nice tool; read about it here:
https://trac.cyberduck.io/wiki/help/en/howto/cloudfiles
We can set CORS on a container, so that the properties are inherited, by using the POST method. You can see the discussion here:
https://github.com/rackspace/pyrax/issues/364
You can also use our great CocoaRestfulClient to do anything!