Firebase 存储和访问控制允许来源 [英] Firebase Storage and Access-Control-Allow-Origin

问题描述

我正在尝试通过 XMLHttpRequest 从 Firebase Storage 下载文件，但资源上未设置 Access-Control-Allow-Origin，因此这是不可能的.有没有办法在存储服务器上设置这个头?

 (让 [xhr (js/XMLHttpRequest.)](.open xhr "GET" url)(set xhr "responseType" "arraybuffer")(aset xhr "onload" #(js/console.log "bin" (.-response xhr)))(.send xhr)))

Chrome 错误消息:

<块引用>

XMLHttpRequest 无法加载https://firebasestorage.googleapis.com/请求中不存在Access-Control-Allow-Origin"标头资源.Origin 'http://localhost:3449' 因此是不允许的访问.

解决方案

来自这个 帖子firebase-talk 组/列表:

<块引用>

为 CORS 配置数据的最简单方法是使用 gsutil 命令行工具.gsutil 的安装说明位于 https://cloud.google.com/storage/docs/gsutil_install.一旦您安装了 gsutil 并通过了它的身份验证，您就可以使用它来配置 CORS.

例如，如果您只想允许从自定义域下载对象，请将此数据放入名为 cors.json 的文件中(将 "https://example.com" 替换为您的域):

<预><代码>[{"起源": ["https://example.com"],"方法": ["GET"],maxAgeSeconds":3600}]

然后，运行此命令(将 "exampleproject.appspot.com" 替换为您的存储桶名称):

gsutil cors 设置 cors.json gs://exampleproject.appspot.com

你应该准备好了.

如果您需要更复杂的 CORS 配置，请查看 https://cloud.google.com/storage/docs/cross-origin#Configuring-CORS-on-a-Bucket.

I'm trying to download files from Firebase Storage through a XMLHttpRequest, but Access-Control-Allow-Origin is not set on the resource, so it's not possible. Is there any way to set this header on the storage server?

  (let [xhr (js/XMLHttpRequest.)]
    (.open xhr "GET" url)
    (aset xhr "responseType" "arraybuffer")
    (aset xhr "onload" #(js/console.log "bin" (.-response xhr)))
    (.send xhr)))

Chrome error message:

XMLHttpRequest cannot load https://firebasestorage.googleapis.com/[EDITED] No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3449' is therefore not allowed access.

解决方案

From this post on the firebase-talk group/list:

The easiest way to configure your data for CORS is with the gsutil command line tool. The installation instructions for gsutil are available at https://cloud.google.com/storage/docs/gsutil_install. Once you've installed gsutil and authenticated with it, you can use it to configure CORS.

For example, if you just want to allow object downloads from your custom domain, put this data in a file named cors.json (replacing "https://example.com" with your domain):

[
  {
    "origin": ["https://example.com"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]

Then, run this command (replacing "exampleproject.appspot.com" with the name of your bucket):

gsutil cors set cors.json gs://exampleproject.appspot.com

and you should be set.

If you need a more complicated CORS configuration, check out the docs at https://cloud.google.com/storage/docs/cross-origin#Configuring-CORS-on-a-Bucket.

这篇关于Firebase 存储和访问控制允许来源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！