When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.
To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:
I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?