Digital ocean spaces upload:Response to preflight request doesn't pass access control check fix [duplicate]










0
















This question already has an answer here:



  • How to allow CORS?

    24 answers



  • How does Access-Control-Allow-Origin header work?

    13 answers



Using pre-signed URL method to upload a file from the browser(javascript) to spaces account. It has been blocked



Access to XMLHttpRequest at 'https://my/signed/url' from origin 'http://192.168.1.233:8000' has been blocked by CORS policy: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


XMLHttpRequest



var blob = new Blob([e.target.files[0]], type: e.target.files[0].type);
var xhr = new XMLHttpRequest();
xhr.open('PUT', data.upload_url);
xhr.send(blob);
console.log(xhr.status)


Updated CORS Configurations(Host, Max Age and Allowed methods) in Spaces settings, but still the CORS header issue raises. What I'm actually missing here. The same works in python requests,



Python requests:



with open(archive_file, 'rb') as data:
response = requests.put(signed_uri, data=data)


Sending as file index from $.ajax() is even failing. Can anyone suggest me how can I upload from javascript without using nodejs or react










share|improve this question













marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Nov 15 '18 at 8:47


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • Turn on CORS on your server configuration (the problem is not on js/browser side)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:24












  • @KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

    – Krish V
    Nov 15 '18 at 8:29












  • befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:31












  • I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

    – Krish V
    Nov 15 '18 at 8:38
















0
















This question already has an answer here:



  • How to allow CORS?

    24 answers



  • How does Access-Control-Allow-Origin header work?

    13 answers



Using pre-signed URL method to upload a file from the browser(javascript) to spaces account. It has been blocked



Access to XMLHttpRequest at 'https://my/signed/url' from origin 'http://192.168.1.233:8000' has been blocked by CORS policy: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


XMLHttpRequest



var blob = new Blob([e.target.files[0]], type: e.target.files[0].type);
var xhr = new XMLHttpRequest();
xhr.open('PUT', data.upload_url);
xhr.send(blob);
console.log(xhr.status)


Updated CORS Configurations(Host, Max Age and Allowed methods) in Spaces settings, but still the CORS header issue raises. What I'm actually missing here. The same works in python requests,



Python requests:



with open(archive_file, 'rb') as data:
response = requests.put(signed_uri, data=data)


Sending as file index from $.ajax() is even failing. Can anyone suggest me how can I upload from javascript without using nodejs or react










share|improve this question













marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Nov 15 '18 at 8:47


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • Turn on CORS on your server configuration (the problem is not on js/browser side)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:24












  • @KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

    – Krish V
    Nov 15 '18 at 8:29












  • befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:31












  • I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

    – Krish V
    Nov 15 '18 at 8:38














0












0








0


0







This question already has an answer here:



  • How to allow CORS?

    24 answers



  • How does Access-Control-Allow-Origin header work?

    13 answers



Using pre-signed URL method to upload a file from the browser(javascript) to spaces account. It has been blocked



Access to XMLHttpRequest at 'https://my/signed/url' from origin 'http://192.168.1.233:8000' has been blocked by CORS policy: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


XMLHttpRequest



var blob = new Blob([e.target.files[0]], type: e.target.files[0].type);
var xhr = new XMLHttpRequest();
xhr.open('PUT', data.upload_url);
xhr.send(blob);
console.log(xhr.status)


Updated CORS Configurations(Host, Max Age and Allowed methods) in Spaces settings, but still the CORS header issue raises. What I'm actually missing here. The same works in python requests,



Python requests:



with open(archive_file, 'rb') as data:
response = requests.put(signed_uri, data=data)


Sending as file index from $.ajax() is even failing. Can anyone suggest me how can I upload from javascript without using nodejs or react










share|improve this question















This question already has an answer here:



  • How to allow CORS?

    24 answers



  • How does Access-Control-Allow-Origin header work?

    13 answers



Using pre-signed URL method to upload a file from the browser(javascript) to spaces account. It has been blocked



Access to XMLHttpRequest at 'https://my/signed/url' from origin 'http://192.168.1.233:8000' has been blocked by CORS policy: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


XMLHttpRequest



var blob = new Blob([e.target.files[0]], type: e.target.files[0].type);
var xhr = new XMLHttpRequest();
xhr.open('PUT', data.upload_url);
xhr.send(blob);
console.log(xhr.status)


Updated CORS Configurations(Host, Max Age and Allowed methods) in Spaces settings, but still the CORS header issue raises. What I'm actually missing here. The same works in python requests,



Python requests:



with open(archive_file, 'rb') as data:
response = requests.put(signed_uri, data=data)


Sending as file index from $.ajax() is even failing. Can anyone suggest me how can I upload from javascript without using nodejs or react





This question already has an answer here:



  • How to allow CORS?

    24 answers



  • How does Access-Control-Allow-Origin header work?

    13 answers







amazon-s3 cors xmlhttprequest digital-ocean






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 15 '18 at 8:16









Krish VKrish V

10711




10711




marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Nov 15 '18 at 8:47


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by sideshowbarker cors
Users with the  cors badge can single-handedly close cors questions as duplicates and reopen them as needed.

StackExchange.ready(function()
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function()
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function()
$hover.showInfoMessage('',
messageElement: $msg.clone().show(),
transient: false,
position: my: 'bottom left', at: 'top center', offsetTop: -7 ,
dismissable: false,
relativeToBody: true
);
,
function()
StackExchange.helpers.removeMessages();

);
);
);
Nov 15 '18 at 8:47


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • Turn on CORS on your server configuration (the problem is not on js/browser side)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:24












  • @KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

    – Krish V
    Nov 15 '18 at 8:29












  • befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:31












  • I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

    – Krish V
    Nov 15 '18 at 8:38


















  • Turn on CORS on your server configuration (the problem is not on js/browser side)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:24












  • @KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

    – Krish V
    Nov 15 '18 at 8:29












  • befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

    – Kamil Kiełczewski
    Nov 15 '18 at 8:31












  • I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

    – Krish V
    Nov 15 '18 at 8:38

















Turn on CORS on your server configuration (the problem is not on js/browser side)

– Kamil Kiełczewski
Nov 15 '18 at 8:24






Turn on CORS on your server configuration (the problem is not on js/browser side)

– Kamil Kiełczewski
Nov 15 '18 at 8:24














@KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

– Krish V
Nov 15 '18 at 8:29






@KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here

– Krish V
Nov 15 '18 at 8:29














befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

– Kamil Kiełczewski
Nov 15 '18 at 8:31






befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account)

– Kamil Kiełczewski
Nov 15 '18 at 8:31














I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

– Krish V
Nov 15 '18 at 8:38






I'm using pre_signd_uri concept generated by django-server by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by PUT request. Browser blocks.

– Krish V
Nov 15 '18 at 8:38













0






active

oldest

votes

















0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes

這個網誌中的熱門文章

How to read a connectionString WITH PROVIDER in .NET Core?

Node.js Script on GitHub Pages or Amazon S3

Museum of Modern and Contemporary Art of Trento and Rovereto