Why do I get "Access-Control-Allow-Origin" when downloading a file via AJAX when the header is already set?

Question

I have an image hosted on a CDN via Rackspace Cloud Files. I have the "Access-Control-Allow-Origin" header set to "*":

curl -I http://ddfe38685b82abf2025a-3d3d68979b9884dbb99ee38fe4e87955.r49.cf1.rackcdn.com/images/ads/6/a6c3d7ec7ca8d8a41a4a065e27e317e2.jpg
HTTP/1.1 200 OK
Content-Length: 1304399
Accept-Ranges: bytes
Last-Modified: Tue, 03 Mar 2015 02:10:06 GMT
ETag: c8767efedb8057eaa637a2caeabed834
X-Timestamp: 1425348605.85405
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
X-Trans-Id: tx5115bede82244690acd6a-0054f51e84dfw1
Cache-Control: public, max-age=259200
Expires: Fri, 06 Mar 2015 02:37:57 GMT
Date: Tue, 03 Mar 2015 02:37:57 GMT
Connection: keep-alive

However, when I attempt to download this file via AJAX, I get No 'Access-Control-Allow-Origin' header is present on the requested resource:

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://ddfe38685b82abf2025a-3d3d68979b9884dbb99ee38fe4e87955.r49.cf1.rackcdn.com/images/ads/6/a6c3d7ec7ca8d8a41a4a065e27e317e2.jpg', true);
xhr.send();

Any ideas why I'm getting this error when the "Access-Control-Allow-Origin" clearly is set?

Do you see the header when you view the response header in the Network tab of Developer Tools? — Barmar, Mar 03 '15 at 02:48
Sure don't! Well that's strange. I wonder why? curl shows it's present. I have another did another test on an actual Apache vhost, and the headers ARE present when I make the request against the following URL: http://app.endpipe.com/logo.png. Maybe something's up with Rackspace? — Chad Johnson, Mar 03 '15 at 02:53
The server may be checking the `X-Requested-With: xmlhttprequest` header. — Barmar, Mar 03 '15 at 03:04
I tried adding that with `curl`, it still returned the `Access-Control-Allow-Origin` header. But maybe one of the other request headers is doing it. Try adding each header to `curl` to see which one does it. — Barmar, Mar 03 '15 at 03:06
It looks like the `curl` test worked because you used `-I`. It returns the `Access-Control-Allow-Origin` header when you perform a `HEAD` request, but not when you do a `GET` request. — Barmar, Mar 03 '15 at 03:12
Ah yes, `curl -X GET -i http://ddfe38685b82abf2025a-3d3d68979b9884dbb99ee38fe4e87955.r49.cf1.rackcdn.com/images/ads/6/a6c3d7ec7ca8d8a41a4a065e27e317e2.jpg` shows no header. Okay, this is strange because I explicitly set the header myself and can see it set in the Rackspace Cloud Files UI. — Chad Johnson, Mar 03 '15 at 03:23

Chad Johnson · Answer 1 · 2015-03-03T07:19:57.570

0

Well, it seems that re-uploading the image and setting the header again may have solved the problem.

And as a helpful side note, using Fog I upload images like follows:

directory.files.create({
    :key => image_file_path,
    :body => File.read(image_temp_path),
    :public => true,
    'Access-Control-Allow-Origin' => '*'
})

edited Mar 03 '15 at 07:19

answered Mar 03 '15 at 06:43

Chad Johnson

21,215
34
109
207

Why do I get "Access-Control-Allow-Origin" when downloading a file via AJAX when the header is already set?

1 Answers1