Google Cloud Storage签名URL的预检未返回CORS响应标头

时间:2018-11-13 21:47:39

标签: cors google-cloud-storage pre-signed-url

我正在尝试执行签名的resumable upload to GCS。我们的前端遇到了针对初始请求的CORS限制: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

响应标头不显示CORS标头:

alt-svc: quic=":443"; ma=2592000; v="44,43,39,35" cache-control: private, max-age=0 content-length: 0 content-type: text/html; charset=UTF-8 date: Tue, 13 Nov 2018 20:28:32 GMT expires: Tue, 13 Nov 2018 20:28:32 GMT server: UploadServer status: 200 x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0

调试时,我发送了一个卷曲请求,模仿了前端的请求:

curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable" \ -H "Access-Control-Request-Method: POST" \ -H "Origin: https://www.example.com" \ -X OPTIONS -I https://storage.googleapis.com/bucket/...

同样,响应中不包含CORS响应标头:

HTTP/2 200 x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q date: Tue, 13 Nov 2018 21:39:53 GMT expires: Tue, 13 Nov 2018 21:39:53 GMT cache-control: private, max-age=0 content-length: 0 server: UploadServer content-type: text/html; charset=UTF-8 alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"

我已经使用gsutil cors set cors.json gs://bucket设置了存储桶的CORS设置,其中cors.json包含[{"maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]}]

我在这里想念东西吗?

2 个答案:

答案 0 :(得分:0)

我找到了解决方案。我必须将x-goog-resumable添加到响应标头列表中。

我的CORS文件是

[
    {
      "origin": ["*"],
      "responseHeader": [
        "Content-Type",
        "Access-Control-Allow-Origin",
        "x-goog-resumable"],
      "method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
      "maxAgeSeconds": 3600
    }
]

至少预检开始起作用

答案 1 :(得分:0)

我遇到了同样的问题。我通过添加以下内容进行了修复:

headers: {'Access-Control-Allow-Origin':'*','Content-Type':'application/octet-stream'}

到ajax请求签名的URL。

相关问题
最新问题