此卷曲请求适用于CORS:
> curl -H "Origin: http://DOMAIN-WE-REQUEST-FROM" https://api.github.com -s -D - -o /dev/null
HTTP/1.1 200 OK
Server: GitHub.com
Date: Thu, 11 Apr 2013 17:26:32 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-GitHub-Media-Type: github.beta
X-Content-Type-Options: nosniff
Content-Length: 1729
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
Access-Control-Allow-Origin: *
ETag: "b883d9a4fa4fe813d8daafea01b9276b"
Cache-Control: max-age=0, private, must-revalidate
对启用CORS的域的相同请求不会发送回正确的标头:
> curl -H "Origin: http://DOMAIN-WE-REQUEST-FROM" http://EXAMPLE.storage.googleapis.com/FILE-THAT-WAS-RETURNING-CORS-THIS-MORNING.gif -s -D - -o /dev/null
HTTP/1.1 200 OK
Server: HTTP Upload Server Built on Apr 8 2013 13:06:58 (1365451618)
Date: Thu, 11 Apr 2013 17:25:50 GMT
Cache-Control: no-cache, no-transform
Expires: Fri, 11 Apr 2014 17:25:50 GMT
Last-Modified: Thu, 24 Jan 2013 20:58:29 GMT
ETag: "7c21bc009de625eda70e50c9fea4665a"
x-goog-generation: 1359061109538000
x-goog-metageneration: 1
Content-Type: image/gif
x-goog-hash: md5=fCG8AJ3mJe2nDlDJ/qRmWg==
Accept-Ranges: bytes
Content-Length: 111711
我们的CORS配置是正确的:
> gsutil getcors gs://EXAMPLE
<?xml version="1.0" ?>
<CorsConfig>
<Cors>
<Origins>
<Origin>
http://OTHER-DOMAIN
</Origin>
<Origin>
http://DOMAIN-WE-REQUEST-FROM
</Origin>
</Origins>
<Methods>
<Method>
GET
</Method>
<Method>
HEAD
</Method>
<Method>
OPTIONS
</Method>
<Method>
PUT
</Method>
</Methods>
<ResponseHeaders>
<ResponseHeader>
accept-encoding
</ResponseHeader>
<ResponseHeader>
cache-control
</ResponseHeader>
<ResponseHeader>
content-length
</ResponseHeader>
<ResponseHeader>
content-type
</ResponseHeader>
<ResponseHeader>
expect
</ResponseHeader>
<ResponseHeader>
if-modified-since
</ResponseHeader>
<ResponseHeader>
origin
</ResponseHeader>
<ResponseHeader>
range
</ResponseHeader>
<ResponseHeader>
referer
</ResponseHeader>
<ResponseHeader>
x-goog-acl
</ResponseHeader>
<ResponseHeader>
x-goog-api-version
</ResponseHeader>
</ResponseHeaders>
<MaxAgeSec>
300
</MaxAgeSec>
</Cors>
</CorsConfig>
没有CORS。这打破了我们的应用程序生产,请回复Google云团队。
(Google已声明支持将在此处发布:https://groups.google.com/forum/?fromgroups=#!topic/gs-discussion/wu7vnC-TpT4)