google-cloud-storage CORS Setting

2
votes

I've done the CORS set to bucket of google cloud storage, there is no Access-Control-Allow-Origin header

If my settings are wrong , I want you to tell me the right way .

My Settings

$ cat cors-json-file.json
[
  {
    "origin": [
      "*"
    ],
    "responseHeader": ["Origin", "Accept", "X-Requested-With", "Authorization", "Content-Type",     "Content-Length", "Accept-Encoding", "X-CSRF-Token"],
    "method": [
      "GET",
      "OPTIONS"
    ],
    "maxAgeSeconds": 1
  }
]

$ gsutil cors set cors-json-file.json gs://stone-swallow

$ gsutil cors get gs://stone-swallow
[{"origin": ["*"], "responseHeader": ["Origin", "Accept", "X-Requested-With", "Authorization", "Content-Type", "Content-Length", "Accept-Encoding", "X-CSRF-Token"], "method": ["GET", "OPTIONS"], "maxAgeSeconds": 1}]

try browser error message

var invocation = new XMLHttpRequest();
var url = 'http://storage.googleapis.com/stone-swallow/arcanine.png';

function callOtherDomain() {
  if(invocation) {
    invocation.open('GET', url, true);
    invocation.send();
  }
}
callOtherDomain();

XMLHttpRequest cannot load http://storage.googleapis.com/stone-swallow/arcanine.png. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

4
google-cloud-storage
That looks fine to me. How are you loading the image in Javascript?Brandon Yarbrough
add JavaScript code.sinmetal
I want to use the object of bucket of cloud storage from multiple domains , it would be sufficient to How?sinmetal
Yes, this should be sufficient.Brandon Yarbrough
Thank you. I now expect results . Setting there is a delay in ?sinmetal

4 Answers

3
votes

I had the same problem, and the solution was to add a Header Origin: "https://ourapp.appspot.com" to the initial resumable request.

However, some librares, for example sun.net.www.protocol.http.HttpURLConnection doesn't allow you to change the Origin header because of the following variable :

restrictedHeaders = new String[]{"Access-Control-Request-Headers", "Access-Control-Request-Method", "Connection", "Content-Length", "Content-Transfer-Encoding", "Host", "Keep-Alive", "Origin", "Trailer", "Transfer-Encoding", "Upgrade", "Via"};

My workaround was to create a new HttpRequest with a library that allows to update the Origin header. I used Okhttp in my case (as former Android developper).

OkHttpClient client = new OkHttpClient();
AppIdentityService appIdentityService = credential.getAppIdentityService();
Collection<String> scopes = credential.getScopes();
String accessToken = appIdentityService.getAccessToken(scopes).getAccessToken();
Request request = new Request.Builder()
        .url("https://www.googleapis.com/upload/storage/v1/b/" + bucket + "/o?name=" + fileName + "&uploadType=resumable")
        .post(RequestBody.create(MediaType.parse(mimeType), new byte[0]))
        .addHeader("X-Upload-Content-Type", mimeType)
        .addHeader("X-Upload-Content-Length", "" + length)
        .addHeader("Origin", "http://localhost:8080")
        .addHeader("Origin", "*")
        .addHeader("authorization", "Bearer "+accessToken)
        .build();
Response response = client.newCall(request).execute();
return response.header("location");
1
votes

Make sure that there is public-read on the bucket:

$ gsutil -m acl set -R -a public-read gs://stone-swallow

0
votes

I had a very similar problem, took me few hours to realize I must set responseHeader to `["*"] in my CORS config json.

-3
votes

Specify an ‘Origin’ header on your GET method. This should fix the issue.