Google Storage Resumable upload fails with CORS error

2
votes

I'm trying to:

  1. generate on the server side a resumable upload URL using either XML API or JSON API -> URL is generated correct and can be used
  2. return that URL to browser and force upload of a file to that URL using JavaScript / jQuery.
  3. When doing the call, since is a CORS request:

a) first a preflight request is sent and get back a response 200, which includes header: access-control-allow-origin with the correct host name

b) next, the upload request is sent to Google storage, upload is done correct and get back the response (e.g including JSON with the upload details).

BUT the response does not include header: access-control-allow-origin and because of that browser complains: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.googleapis.com/upload/storage/v1/b/test-bucket/o?uploadType=resumable&upload_id=AEnB2UoTmA9ul. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

To solve this problem some articles suggest:

  • to send as "Origin" header when generating the resumable upload URL the location of the client who will do the real upload. I did that for both JSON API and XML API. But still the same
  • to configure bucket to accept CORS requests -> this is my bucket CORS configuration: [{"method": ["PUT", "GET", "OPTIONS"], "origin": ["*"]}]
1
corsgoogle-cloud-storageaccess-control
what server side language are you using? - John Balvin Arias
Java. Since I could not find any Java API for getting resumable url, I did http calls to XML API and Json API. - Calin Pavel
your need to specify the origin where the endpoint is gonaa be used, cloud.google.com/storage/docs/json_api/v1/how-tos/… ...." Origin, if you have enabled Cross-Origin Resource Sharing. You must also use this header in subsequent upload requests" that is why you get that error, when requesting the enpoint you should add origin header - John Balvin Arias
I'm sending the Origin like below but still not working: ---> POST googleapis.com/upload/storage/v1/b/test_bucket/… HTTP/1.1 Content-Type: application/json; charset=UTF-8 Authorization: Bearer ya29.c.ElpFBsPKAIPAzN0nb8lL9b_5ZbS8nncd................ X-Upload-Content-Type: image/jpeg X-Upload-Content-Length: 80449 Origin: codemart.ro:8080 Content-Length: 110 {"name":"temp/File with space.jpg"} ---> END HTTP (110-byte body) - Calin Pavel
I just checked with your configuration and I get the same when not using the full url, so try using the full url (with protocol), for example "http://" or "https://" + codemart.ro:8080" - John Balvin Arias

1 Answers

0
votes

Yes, I solved it - the problem was that Java does not allow to send / set Origin header with a custom value. So, even if I set Origin value - it was not sent.

To solve it, have to configure sun.net.http.allowRestrictedHeaders=true when starting Java process.