Google Cloud Storage ignoring access control origin headers


Problem description

I'm trying to get files via AJAX from Google Cloud Storage on my local host. I have done the following:

Set the CORS for my bucket via gsutil:

gsutil cors set cors.json gs://my-project

where the cors.json file is:

[
  {
    "origin": [
      "*"
    ],
    "responseHeader": ["Origin", "Accept", "X-Requested-With", "Authorization", "Content-Type", "Content-Length", "Accept-Encoding", "X-CSRF-Token"],
    "method": [
      "GET",
      "OPTIONS"
    ],
    "maxAgeSeconds": 1
  }
]

I have verified it with gsutil cors get gs://my-project

Then for each file I have made it public, both through the node.js client library when the file is uploaded:

bucket.file(object.name).makePublic()

through the console, and through the gsutil:

gsutil -m acl set -R -a public-read gs://my-project

Then in my ajax request, I also send headers:

$.ajax({
    method: "GET",
    url: "https://googleapis.com/storage/v1/b/my-project/o?delimiter=audio",
    headers: {
        'Access-Control-Allow-Origin': '*'
    },
    crossDomain: true,
}).done((data) => {
    console.log(data)
})

and I still get a CORS error:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

How do I get past CORS?

Solution

You're using "googleapis.com" instead of "www.googleapis.com". Add the "www" and your code will work.

It looks like you're not doing any authentication, so you'll also need to make sure that your bucket allows anonymous users to list objects (gsutil acl ch -g allUsers:R gs://bucket-name will set that).

Next, for anonymous requests, it's a good practice to add an API key parameter associating the request with your Google Cloud project. GCS will allow completely anonymous requests, but they may be blocked if they get too frequent.

Finally, the CORS policy on a bucket is only respected by the XML API. The JSON API, which is the one with the endpoint of "www.googleapis.com", will happily respond to cross-origin requests without the need to set any special properties on the bucket.
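
Added example, not part of the original question or answer: a simplified JavaScript model of the browser's CORS rules from the Fetch standard. It shows that putting `Access-Control-Allow-Origin` (a response header) on the request makes the GET non-simple, so the browser sends a preflight, and that a preflight response lacking that header is rejected; all function names are hypothetical.

```javascript
// Added example: simplified browser-side CORS model (no credentials, no header-value limits).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request header names that are not CORS-safelisted and therefore force a preflight.
function unsafeHeaders(headers = {}) {
  return Object.entries(headers)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (SAFE_HEADERS.has(n)) return false;
      if (n !== "content-type") return true;
      return !SAFE_CONTENT_TYPES.has(String(value).split(";")[0].trim().toLowerCase());
    })
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Returns null for a simple request, otherwise the headers of the OPTIONS preflight.
function preflightFor(origin, { method = "GET", headers = {} }) {
  const m = method.toUpperCase();
  const unsafe = unsafeHeaders(headers);
  if (SAFE_METHODS.has(m) && unsafe.length === 0) return null;
  const pre = { Origin: origin, "Access-Control-Request-Method": m };
  if (unsafe.length) pre["Access-Control-Request-Headers"] = unsafe.join(",");
  return pre;
}

// The browser's check of a preflight response (response header names lower-cased).
function preflightPasses(pre, response) {
  const allowOrigin = response["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== pre.Origin) return false;
  const method = pre["Access-Control-Request-Method"];
  const methods = list(response["access-control-allow-methods"]);
  const methodOk = SAFE_METHODS.has(method) || methods.includes("*") ||
    methods.includes(method.toLowerCase());
  const allowed = list(response["access-control-allow-headers"]);
  const headersOk = list(pre["Access-Control-Request-Headers"]).every(
    (h) => allowed.includes(h) || (h !== "authorization" && allowed.includes("*")));
  return methodOk && headersOk;
}

// Constructed inputs: the question's request, and the same GET without the extra header.
const ORIGIN = "http://localhost:3000";
const asked = preflightFor(ORIGIN, { method: "GET", headers: { "Access-Control-Allow-Origin": "*" } });
const plain = preflightFor(ORIGIN, { method: "GET" });
console.log({ asked, plain, askedPasses: preflightPasses(asked, {}) });
```
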
