[英]How to set Access-Control-Allow-Credentials header in cloud-object-storage CORS PUT request
I have an image in IBM Cloud Object store, it requires authorisation for fetching. 我在IBM Cloud Object存储中有一个映像,它需要授权才能进行提取。 But this does not work in browser and iOS( I'm building a hybrid app) but works fine in Android. 但这在浏览器和iOS(我正在构建一个混合应用)中不起作用,但在Android中可以正常工作。 Debugging I see Pre-flight request failing with 403 Authorised error. 调试我看到飞行前请求失败,并显示403授权错误。 In Andorid there is not preflight request so image loads fine but browser and iOS's webview make a preflight request. 在Andorid中,没有预检请求,因此图像加载正常,但浏览器和iOS的Webview发出了预检请求。
I need to setup the backend CORS in such a way it allows Authorisation Header and OPTIONS header. 我需要以允许Authorization Header和OPTIONS标头的方式设置后端CORS。
I found this on how to do it, and have setup the Headers and Methods but I can't find out the syntax for setting the Allow-Credentails. 我发现这对如何做到这一点,并且已经设置了页眉和方法,但我不能找出设置允许-Credentails的语法。
This is my current PUT request body for setting CORS: 这是我当前用于设置CORS的PUT请求正文:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<AllowCredentials>true</AllowCredentials>
</CORSRule>
</CORSConfiguration>
This fails with MalformedXML. MalformedXML失败。 But if I remove the AllowCredentials it works fine. 但是,如果我删除AllowCredentials,它可以正常工作。
So first question is what's the XML syntax for AllowCredentials. 因此,第一个问题是AllowCredentials的XML语法是什么。
The Access-Control-Allow-Credentials header was not needed. 不需要Access-Control-Allow-Credentials标头。 The 403 error with the OPTIONS request went away once i set the CORS as this: 我将CORS设置为以下方式后,OPTIONS请求的403错误就消失了:
<CORSConfiguration>
<CORSRule>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.