Google Cloud Storage签名URL的预检未返回CORS响应标头 [英] Preflight for Google Cloud Storage signed URL not returning CORS response headers
问题描述
I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
响应标头不显示CORS标头:
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
调试时,我发送了一个卷曲请求,模仿了我们前端的请求:
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable" \
-H "Access-Control-Request-Method: POST" \
-H "Origin: https://www.example.com" \
-X OPTIONS -I https://storage.googleapis.com/bucket/...
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable" \
-H "Access-Control-Request-Method: POST" \
-H "Origin: https://www.example.com" \
-X OPTIONS -I https://storage.googleapis.com/bucket/...
同样,响应中不包含CORS响应标头:
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
我已使用gsutil cors set cors.json gs://bucket
设置了存储桶CORS设置,其中cors.json包含[{"maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]}]
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket
where cors.json contains [{"maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]}]
我在这里想念东西吗?
推荐答案
我找到了一个解决方案.我必须在响应标头列表中添加x-goog-resumable.
I have found a solution. I had to add x-goog-resumable to the list of response headers.
我的CORS文件是
[
{
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
}
]
至少预检开始起作用
这篇关于Google Cloud Storage签名URL的预检未返回CORS响应标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!