I create a signed URL on my server on app engine and return the URL to the front-end webapp. The webapp then makes a HTTP Options (succceeds) followed by a PUT which fails with the error:
Failed to load https://storage.googleapis.com/bucket-name/rvDThZx1R6Od8zqHx7_rqQ.png?GoogleAccessId=uplo...@appspot.gserviceaccount.com&Expires=1508253581&Signature=uYA0OR4IyUAV8u5ur89dm0NJYMei8BEu2TKP4pLqHvwl8kR0DTrPJ3xdJxxJRfs3WW7bK9gdITU%2Bttd%2BNRiyCxDiZzNPKT5WeRkAj17AJnLIP4JbRdBp9gR5f5wq1c4aPfNm%2FpZyNfBA%2BwJRKysECUgYBYehDo5WvyQhpHG9A%3D%3D: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://example.appspot.com' is therefore not allowed access. I've looked through the documentation and cannot figure out what is going on. I understand that you need to set cors on the bucket if you use the XML API, not JSON, however, I don't think I'm using either XML/JSON API as I generate the signed URL on the server directly. Either way, to be safe, I've set cors on my bucket as follows: [ { "origin": ["*"], "responseHeader": ["Content-Type", "Access-Control-Allow-Origin"], "method": ["PUT"], "maxAgeSeconds": 3600 } ] The OPTIONS has the following request headers :authority:storage.googleapis.com :method:OPTIONS :path:/bucket-name/rvDThZx1R6Od8zqHx7_rqQ.png?GoogleAccessId=uplo...@appspot.gserviceaccount.com&Expires=1508253581&Signature=uYA0OR4IyUAV8u5ur89dm0NJYMei8BEu2TKP4pLqHvwl8kR0DTrPJ3xdJxxJRfs3WW7bK9gdITU%2Bttd%2BNRiyCxDiZzNPKT5WeRkAj17AJnLIP4JbRdBp9gR5f5wq1c4aPfNm%2FpZyNfBA%2BwJRKysECUgYBYehDo5WvyQhpHG9A%3D%3D :scheme:https accept:*/* accept-encoding:gzip, deflate, br accept-language:en-US,en;q=0.8 access-control-request-headers:authorization,content-type,media-type,x-goog-meta-media-type,x-goog-meta-uid access-control-request-method:PUT origin:https://example.appspot.com referer:https://example.appspot.com/ user-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 x-chrome-uma-enabled:1 x-client-data:CIa2yQEIprbJAQjBtskBCLSZygEI+pzKAQipncoBCNKdygEI/6LKAQino8oB The OPTIONS has the response headers below. The one thing I noticed was that the response doesn't contain Access-Control-Allow-Origin. I cannot figure out why this is. alt-svc:quic=":443"; ma=2592000; v="39,38,37,35" cache-control:private, max-age=0 content-length:0 content-type:text/html; charset=UTF-8 date:Mon, 16 Oct 2017 22:39:41 GMT expires:Mon, 16 Oct 2017 22:39:41 GMT server:UploadServer status:200 vary:Origin x-guploader-uploadid:AEnB2UpMXELd-l0wkyTd6jjS9LmX0IcJ9VjcXLfQfGDLY9jbVXkp-pwtXFbyw0_zfrqcwLFvEgDgdbPB9xdcbnFVpD2r94zd9A Note: The upload works fine if I try it on POSTMAN. The webapp uses axios for file upload. I don't know what else to do to debug this. Any help is really appreciated. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/43638992-8fce-4822-9b37-020cb6d09969%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.