I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable" \
-H "Access-Control-Request-Method: POST" \
-H "Origin: https://www.example.com" \
-X OPTIONS -I https://storage.googleapis.com/bucket/...
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains [{"maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]}]
Am I missing something here?
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
{
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
}
]
At least preflight started to work
来源:https://stackoverflow.com/questions/53290008/preflight-for-google-cloud-storage-signed-url-not-returning-cors-response-header