diff options
author | Scott Simpson <sasimpson@gmail.com> | 2012-10-11 16:52:26 -0500 |
---|---|---|
committer | Scott Simpson <sasimpson@gmail.com> | 2012-10-23 14:48:59 -0500 |
commit | 74b27d504d310c70533175759923c21df158daf9 (patch) | |
tree | df11863dc2c84e3523e52a3dbb919cf3354b8350 /doc/source/misc.rst | |
parent | 8cacf5aaf810c996bd0be568c7ce84f3541becdd (diff) | |
download | swift-74b27d504d310c70533175759923c21df158daf9.tar.gz |
Adding CORS support
Change-Id: I894473994cdfea0996ad16e7619aff421f604abc
Diffstat (limited to 'doc/source/misc.rst')
-rw-r--r-- | doc/source/misc.rst | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/doc/source/misc.rst b/doc/source/misc.rst index 6044d02ea..0c0d60726 100644 --- a/doc/source/misc.rst +++ b/doc/source/misc.rst @@ -171,3 +171,35 @@ Proxy Logging .. automodule:: swift.common.middleware.proxy_logging :members: :show-inheritance: + +CORS Headers +============ + +Cross Origin RequestS or CORS allows the browser to make requests against +Swift from another origin via the browser. This enables the use of HTML5 +forms and javascript uploads to swift. The owner of a container can set +three headers: + ++---------------------------------------------+-------------------------------+ +|Metadata | Use | ++=============================================+===============================+ +|X-Container-Meta-Access-Control-Allow-Origin | Origins to be allowed to | +| | make Cross Origin Requests, | +| | space separated | ++---------------------------------------------+-------------------------------+ +|X-Container-Meta-Access-Control-Max-Age | Max age for the Origin to | +| | hold the preflight results. | ++---------------------------------------------+-------------------------------+ +|X-Container-Meta-Access-Control-Allow-Headers| Headers to be allowed in | +| | actual request by browser. | ++---------------------------------------------+-------------------------------+ + +When the browser does a request it can issue a preflight request. The +preflight request is the OPTIONS call that verifies the Origin is allowed +to make the request. + +* Browser makes OPTIONS request to Swift +* Swift returns 200/401 to browser based on allowed origins +* If 200, browser makes PUT, POST, DELETE, HEAD, GET request to Swift + +CORS should be used in conjunction with TempURL and FormPost. |