Request for new functionality
Description
What you would like to accomplish:
The customer expects any requests from localhost or localhost:5000 to succeed, and this should be present in the CORS header.
The URL that should work is:
https://storage.cloud.google.com/bucket_name/object
The solution provided in the public documentation [1] is to use an API that does not work with browsers.
Going to https://bucket-name.storage.googleapis.com/object returns "Access Denied. Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object. Permission 'storage.objects.get' denied on resource (or it may not exist)." because it ignores auth cookies.
The same is true with https://storage.googleapis.com/bucket-name/object (Access Denied).
Only https://storage.cloud.google.com/<BUCKET_NAME> supports cookie-based authentication that works in the browser. Only the browser needs CORS. So setting CORS only really affects this endpoint.
How this might work:
This will allow customers to get the Access-Control-Allow-Credentials header as CORS credentials.
If applicable, reasons why alternative solutions are not sufficient:
Current functionality doesn't allow customers to get the Access-Control-Allow-Credentials header as CORS credentials.
Links:
[1] https://cloud.google.com/storage/docs/using-cors#troubleshooting
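
Why a cookie-authenticated cross-origin request depends on that header, as an added example that is not part of the original issue or of any Google code: the function follows the Fetch standard's CORS check that browsers apply to a response. The response header sets are constructed for illustration, and `http://localhost:5000` is assumed as the requesting page's origin.

```javascript
// Added example: the Fetch standard's "CORS check", written as a pure function.
// Response header sets below are constructed for illustration.

// Case-insensitive header lookup; returns null when the header is absent.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return null;
}

// credentialsMode is the fetch() option: "omit", "same-origin" or "include".
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  const allowOrigin = getHeader(responseHeaders, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    return { ok: false, reason: "no Access-Control-Allow-Origin" };
  }
  const withCredentials = credentialsMode === "include";
  // The wildcard is only honoured when no credentials are sent.
  if (!withCredentials && allowOrigin === "*") {
    return { ok: true, reason: "wildcard, no credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: "origin mismatch" };
  }
  if (!withCredentials) {
    return { ok: true, reason: "origin match, no credentials" };
  }
  // Cookies were sent: the value must be exactly "true" (case-sensitive).
  if (getHeader(responseHeaders, "Access-Control-Allow-Credentials") === "true") {
    return { ok: true, reason: "origin match, credentials allowed" };
  }
  return { ok: false, reason: "no Access-Control-Allow-Credentials: true" };
}

const ORIGIN = "http://localhost:5000";
const originOnly = { "Access-Control-Allow-Origin": ORIGIN };
const originAndCreds = { ...originOnly, "Access-Control-Allow-Credentials": "true" };
const wildcardAndCreds = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Credentials": "true" };

for (const [label, headers] of Object.entries({ originOnly, originAndCreds, wildcardAndCreds })) {
  for (const mode of ["omit", "include"]) {
    const { ok, reason } = corsCheck(ORIGIN, mode, headers);
    console.log(`${label} credentials=${mode}: ${ok ? "readable" : "blocked"} (${reason})`);
  }
}
```

The `originOnly` case with credentials mode `include` is the situation the request describes: the origin matches, but without `Access-Control-Allow-Credentials: true` the browser withholds the response from the page's script.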