如何在云对象存储CORS PUT请求中设置Access-Control-Allow-Credentials标头

Question

I have an image in IBM Cloud Object store, it requires authorisation for fetching. But this does not work in browser and iOS( I'm building a hybrid app) but works fine in Android. Debugging I see Pre-flight request failing with 403 Authorised error. In Andorid there is not preflight request so image loads fine but browser and iOS's webview make a preflight request.

I need to setup the backend CORS in such a way it allows Authorisation Header and OPTIONS header.

I found this on how to do it, and have setup the Headers and Methods but I can't find out the syntax for setting the Allow-Credentails.

This is my current PUT request body for setting CORS:

<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<AllowCredentials>true</AllowCredentials>
</CORSRule>
</CORSConfiguration>

This fails with MalformedXML. But if I remove the AllowCredentials it works fine.

So first question is what's the XML syntax for AllowCredentials.

Answer 1

The Access-Control-Allow-Credentials header was not needed. The 403 error with the OPTIONS request went away once i set the CORS as this:

<CORSConfiguration>
    <CORSRule>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>