Preflight for Google Cloud Storage signed URL not returning CORS response headers










2















I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.



The response headers show no CORS headers:



alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0



Debugging, I sent a curl request mimicking our frontend's request:



curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...



Again, the response contains no CORS response headers:



HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"



I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]



Am I missing something here?










share|improve this question
























  • I have the same problem. Does anybody know why it happens?

    – Slawek Rewaj
    Nov 15 '18 at 16:10















2















I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.



The response headers show no CORS headers:



alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0



Debugging, I sent a curl request mimicking our frontend's request:



curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...



Again, the response contains no CORS response headers:



HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"



I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]



Am I missing something here?










share|improve this question
























  • I have the same problem. Does anybody know why it happens?

    – Slawek Rewaj
    Nov 15 '18 at 16:10













2












2








2








I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.



The response headers show no CORS headers:



alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0



Debugging, I sent a curl request mimicking our frontend's request:



curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...



Again, the response contains no CORS response headers:



HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"



I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]



Am I missing something here?










share|improve this question
















I'm trying to perform a signed resumable upload to GCS. Our frontend is running up against CORS restrictions on the initial request:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.



The response headers show no CORS headers:



alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 13 Nov 2018 20:28:32 GMT
expires: Tue, 13 Nov 2018 20:28:32 GMT
server: UploadServer
status: 200
x-guploader-uploadid: AEnB2Ups1tKbTbhPmsjrPXbIuIUyQt135AlSJ1n7-7XTwMrtQ2vUvn1WwpX3a_iusfmsXHaufdf5B3H2PzmDONs2wW7tKkLarYoxrVyWalhaX6FzGQPoRW0



Debugging, I sent a curl request mimicking our frontend's request:



curl -H "Access-Control-Request-Headers: content-type,x-goog-resumable"
-H "Access-Control-Request-Method: POST"
-H "Origin: https://www.example.com"
-X OPTIONS -I https://storage.googleapis.com/bucket/...



Again, the response contains no CORS response headers:



HTTP/2 200
x-guploader-uploadid: AEnB2UqwKiRSJjHjF9mzsZRMODdQmF6xhUAhdeEenuD0_WXmxpVA6n0i_HWY2NOJxvXS2t_I4IoFW_yvz6lssMz_HVmvlswL5NilGC3wE2YT0-L9aD7Pf1Q
date: Tue, 13 Nov 2018 21:39:53 GMT
expires: Tue, 13 Nov 2018 21:39:53 GMT
cache-control: private, max-age=0
content-length: 0
server: UploadServer
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"



I've set my bucket CORS settings with gsutil cors set cors.json gs://bucket where cors.json contains ["maxAgeSeconds": 3600, "method": ["GET", "POST", "PUT", "OPTIONS"], "origin": ["*"]]



Am I missing something here?







cors google-cloud-storage pre-signed-url






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 13 '18 at 22:56







Scott Crunkleton

















asked Nov 13 '18 at 21:47









Scott CrunkletonScott Crunkleton

538517




538517












  • I have the same problem. Does anybody know why it happens?

    – Slawek Rewaj
    Nov 15 '18 at 16:10

















  • I have the same problem. Does anybody know why it happens?

    – Slawek Rewaj
    Nov 15 '18 at 16:10
















I have the same problem. Does anybody know why it happens?

– Slawek Rewaj
Nov 15 '18 at 16:10





I have the same problem. Does anybody know why it happens?

– Slawek Rewaj
Nov 15 '18 at 16:10












1 Answer
1






active

oldest

votes


















1














I have found a solution. I had to add x-goog-resumable to the list of response headers.



My CORS file is



[

"origin": ["*"],
"responseHeader": [
"Content-Type",
"Access-Control-Allow-Origin",
"x-goog-resumable"],
"method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
"maxAgeSeconds": 3600

]


At least preflight started to work






share|improve this answer






















    Your Answer






    StackExchange.ifUsing("editor", function ()
    StackExchange.using("externalEditor", function ()
    StackExchange.using("snippets", function ()
    StackExchange.snippets.init();
    );
    );
    , "code-snippets");

    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "1"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290008%2fpreflight-for-google-cloud-storage-signed-url-not-returning-cors-response-header%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    1














    I have found a solution. I had to add x-goog-resumable to the list of response headers.



    My CORS file is



    [

    "origin": ["*"],
    "responseHeader": [
    "Content-Type",
    "Access-Control-Allow-Origin",
    "x-goog-resumable"],
    "method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
    "maxAgeSeconds": 3600

    ]


    At least preflight started to work






    share|improve this answer



























      1














      I have found a solution. I had to add x-goog-resumable to the list of response headers.



      My CORS file is



      [

      "origin": ["*"],
      "responseHeader": [
      "Content-Type",
      "Access-Control-Allow-Origin",
      "x-goog-resumable"],
      "method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
      "maxAgeSeconds": 3600

      ]


      At least preflight started to work






      share|improve this answer

























        1












        1








        1







        I have found a solution. I had to add x-goog-resumable to the list of response headers.



        My CORS file is



        [

        "origin": ["*"],
        "responseHeader": [
        "Content-Type",
        "Access-Control-Allow-Origin",
        "x-goog-resumable"],
        "method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
        "maxAgeSeconds": 3600

        ]


        At least preflight started to work






        share|improve this answer













        I have found a solution. I had to add x-goog-resumable to the list of response headers.



        My CORS file is



        [

        "origin": ["*"],
        "responseHeader": [
        "Content-Type",
        "Access-Control-Allow-Origin",
        "x-goog-resumable"],
        "method": ["GET", "HEAD", "DELETE", "POST", "OPTIONS"],
        "maxAgeSeconds": 3600

        ]


        At least preflight started to work







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 15 '18 at 16:58









        Slawek RewajSlawek Rewaj

        399413




        399413



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53290008%2fpreflight-for-google-cloud-storage-signed-url-not-returning-cors-response-header%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            這個網誌中的熱門文章

            How to read a connectionString WITH PROVIDER in .NET Core?

            In R, how to develop a multiplot heatmap.2 figure showing key labels successfully

            Museum of Modern and Contemporary Art of Trento and Rovereto