Request header field X-Requested

2
votes

I am trying to access a file in a bucket on google cloud storage. I have set the CORS configuration for the bucket. But I am getting this error when I make a request across https://. It works fine for requests made across http://.

"XMLHttpRequest cannot load "FILENAME".

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response."

1
xmlhttprequestcorsgoogle-cloud-platformgoogle-cloud-storagepreflight

1 Answers

3
votes

You must include X-Requested-With in the value of the responseHeader member in your config:

[
    {
      "origin": ["http://example.appspot.com"],
      "responseHeader": ["X-Requested-With"],
      "method": ["GET", "POST"],
      "maxAgeSeconds": 3600
    }
]

See the relevant docs, which say:

If this is a preflight request, check if the preflight request includes one or more Access-Control-Request-Header. If so, then ensure that the matching CORS configuration entry includes a <ResponseHeader> entry for each requested header. All headers named in the Access-Control-Request-Header must be in the CORS configuration for the preflight request to succeed and include CORS headers in the response.