I have an image in IBM Cloud Object store, it requires authorisation for fetching. But this does not work in browser and iOS( I'm building a hybrid app) but works fine in Android. Debugging I see Pre-flight request failing with 403 Authorised error. In Andorid there is not preflight request so image loads fine but browser and iOS's webview make a preflight request.
I need to setup the backend CORS in such a way it allows Authorisation Header and OPTIONS header.
I found this on how to do it, and have setup the Headers and Methods but I can't find out the syntax for setting the Allow-Credentails.
This is my current PUT request body for setting CORS:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<AllowCredentials>true</AllowCredentials>
</CORSRule>
</CORSConfiguration>
This fails with MalformedXML. But if I remove the AllowCredentials it works fine.
So first question is what's the XML syntax for AllowCredentials.
The Access-Control-Allow-Credentials header was not needed. The 403 error with the OPTIONS request went away once i set the CORS as this:
<CORSConfiguration>
<CORSRule>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.