stackoom
  简体   繁体   中英

How to set Access-Control-Allow-Credentials header in cloud-object-storage CORS PUT request

 原文  2018-08-10 12:08:03       amazon-web-services/ cors/ ibm-cloud/ preflight/ object-storage

Question

I have an image in IBM Cloud Object store, it requires authorisation for fetching. But this does not work in browser and iOS( I'm building a hybrid app) but works fine in Android. Debugging I see Pre-flight request failing with 403 Authorised error. In Andorid there is not preflight request so image loads fine but browser and iOS's webview make a preflight request.

I need to setup the backend CORS in such a way it allows Authorisation Header and OPTIONS header.

I found this on how to do it, and have setup the Headers and Methods but I can't find out the syntax for setting the Allow-Credentails.

This is my current PUT request body for setting CORS: 

<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<AllowCredentials>true</AllowCredentials>
</CORSRule>
</CORSConfiguration>

This fails with MalformedXML. But if I remove the AllowCredentials it works fine.

So first question is what's the XML syntax for AllowCredentials.

1 answers

solution1
 0 ACCPTED  2018-08-18 06:59:21

The Access-Control-Allow-Credentials header was not needed. The 403 error with the OPTIONS request went away once i set the CORS as this: 

<CORSConfiguration>
    <CORSRule>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question rejected by cors when using withCredentials, despiete access-control-allow-credentials and origin are set Existing solutions not working- (AWS Lambda Api) The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response Javascript CORS request, No 'Access-Control-Allow-Origin' header is present with 200 status code How to set the Access-Control-Allow-Origin header on an AWS S3 object using Ruby SDK? API Gateway CORS: no 'Access-Control-Allow-Origin' header AWS Access to XMLHttpRequest at from origin has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header How to set the value of the Access-Control-Allow-Origin header based on a list of allowed origins? “CORS header ‘Access-Control-Allow-Origin’ missing ” : while calling deployed AWS Api gateway Amazon S3 weird CORS behaviour: No 'Access-Control-Allow-Origin' header is present on the requested resource
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM