How can I configure OpenStack SWIFT to send all the appropriate CORS headers in response to a client's OPTIONS request? I know about the crossdomain plugin to the SWIFT pipeline, but the documentation only says that something like the following is allowed:

[filter:crossdomain]
use = egg:swift#crossdomain
cross_domain_policy = <allow-access-from domain="xxx.yyy.com" />

It doesn't tell me how to specify the Access-Control-Allow-Headers, Access-Control-Expose-Headers, Access-Control-Allow-Credentials, Access-Control-Max-Age, etc. headers.

Anyone know how this is done?

Despite very confusing documentation that led me to believe the container and object metadata of various (incorrect) forms were what I needed, it turned out that I needed to set the following two:

"Access-Control-Allow-Origin: xxx"
"Access-Control-Expose-Headers: X-Foo, X-Bar"

The various documentation that said to use X-Access-Control-Allow-Origin and X-Container-Meta-Access-Control-Allow-Origin didn't work. I gleamed the above after looking through the code.

Openstack Swift

You can set the following headers on a Container level only:

X-Container-Meta-Access-Control-Allow-Origin
X-Container-Meta-Access-Control-Max-Age
X-Container-Meta-Access-Control-Allow-Headers
X-Container-Meta-Access-Control-Expose-Headers

You can set a containers CORS permissions with :

curl -i -X POST https://swift.example.io/v1/AUTH_user/container \
           -H "X-Container-Meta-Access-Control-Allow-Origin: *" \
           -H 'X-Auth-Token: AUTH_xxx'

NOTE: This is how I implement it.

Openstack Swift Docs

Openstack User Guide

You have many more options according to the current Openstack User Guide. They haven't maintained the documentation consistently.

UPDATED INFORMATION

Information relating to the depreciation of x- specifications: https://specs.openstack.org/openstack/api-wg/guidelines/headers.html