Preflight for Google Cloud Storage signed URL not returning CORS response headers
I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]
Am I missing something here?
cors google-cloud-storage pre-signed-url
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
add a comment |
I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]
Am I missing something here?
cors google-cloud-storage pre-signed-url
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10
add a comment |
I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]
Am I missing something here?
cors google-cloud-storage pre-signed-url
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The response headers show no CORS headers:
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0
Debugging, I sent a curl request mimicking our frontend's request:
curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...
Again, the response contains no CORS response headers:
HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]
Am I missing something here?
cors google-cloud-storage pre-signed-url
cors google-cloud-storage pre-signed-url
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
edited Nov 13 '18 at 22:56
Scott Crunkleton
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
asked Nov 13 '18 at 21:47
Scott CrunkletonScott Crunkleton
528517
528517
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10
add a comment |
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10
add a comment |
1 Answer
1
active
oldest
votes
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
]
At least preflight started to work
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290008%2fpreflight-for-google-cloud-storage-signed-url-not-returning-cors-response-header%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
]
At least preflight started to work
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
add a comment |
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
]
At least preflight started to work
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
add a comment |
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
]
At least preflight started to work
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
I have found a solution. I had to add x-goog-resumable to the list of response headers.
My CORS file is
[
"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600
]
At least preflight started to work
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
answered Nov 15 '18 at 16:58
Slawek RewajSlawek Rewaj
399413
399413
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290008%2fpreflight-for-google-cloud-storage-signed-url-not-returning-cors-response-header%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I have the same problem. Does anybody know why it happens?
– Slawek Rewaj
Nov 15 '18 at 16:10