ChatGPT解决这个技术问题 Extra ChatGPT

Firebase Storage and Access-Control-Allow-Origin

I'm trying to download files from Firebase Storage through a XMLHttpRequest, but Access-Control-Allow-Origin is not set on the resource, so it's not possible. Is there any way to set this header on the storage server? 

  (let [xhr (js/XMLHttpRequest.)]
    (.open xhr "GET" url)
    (aset xhr "responseType" "arraybuffer")
    (aset xhr "onload" #(js/console.log "bin" (.-response xhr)))
    (.send xhr)))

Chrome error message:

XMLHttpRequest cannot load https://firebasestorage.googleapis.com/[EDITED] No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3449' is therefore not allowed access.

Not enough rep for a comment, but the above way is still the right way. Just wanted to share the official firebase docs on this one: firebase.google.com/docs/storage/web/…

u
undefined

From this post on the firebase-talk group/list:

The easiest way to configure your data for CORS is with the gsutil command line tool. The installation instructions for gsutil are available at https://cloud.google.com/storage/docs/gsutil_install. Once you've installed gsutil and authenticated with it, you can use it to configure CORS.

For example, if you just want to allow object downloads from your custom domain, put this data in a file named cors.json (replacing "https://example.com" with your domain): 

[
  {
    "origin": ["https://example.com"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]

Then, run this command (replacing "exampleproject.appspot.com" with the name of your bucket):

gsutil cors set cors.json gs://exampleproject.appspot.com

and you should be set.

If you need a more complicated CORS configuration, check out the docs at https://cloud.google.com/storage/docs/cross-origin#Configuring-CORS-on-a-Bucket.

The above is now also included in the Firebase documentation on CORS Configuration

Is there a way to allow all origins similar to Access-Control-Allow-Origin: * ?
How can I find the exact name of my firebase bucket?
@user1311069 just use "origin": ["*"], instead of "origin": ["https://example.com"],
Firebase really needs to figure out a user friendly way to do this. Setting permissions on an actual Firebase database is not nearly this frustrating nor is setting S3 bucket permissions. Strong preference for S3 at this point in time.
If you don't want to install the util, a handy way is to go to console.cloud.google.com/home and click “Activate Google Cloud Shell” in the top right. This will open a shell with gsutil already installed, and with access to your firebase storage projects. (in the shell i used pico to create a json, then did the gsutil cors set myjson.json gs://projectname.appspot.com as mentioned above)
J
JeffD23

Google Cloud now has an inline editor to make this process even easier. No need to install anything on your local system.

Open the GCP console and start a cloud terminal session by clicking the >_ icon button in the top navbar. Click the pencil icon to open the editor, then create the cors.json file. Run gsutil cors set cors.json gs://your-bucket

https://i.stack.imgur.com/8ZlQ7.png

It's the icon in the top right nav that looks like >_
Is there a straight forward way to pull the existing cors config first for reversion if necessary?
Did the trick! thank you. I must say, this could be so much simpler if it was controlled from firebase storage itself, under rules perhaps?! #google #firebase there's an opportunity here to enhance user experience.
@NickCarducci you might be right and i really like the anonymous facility, though it worries that it has a hard limit of 10 million from memory. This could be dangerous when you have a web app for a TV campaign for example where no one is expected to sign in or register.
Is there any wait time required? I set origin to "*" and it still complained Access to fetch at 'firebasestorage.googleapis.com...' from origin 'https://....stackblitz.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
A
Aakash

Just want to add to the answer. Just go to your project in google console (console.cloud.google.com/home) and select your project. There open the terminal and just create the cors.json file (touch cors.json) and then follow the answer and edit this file (vim cors.json) as suggested by @frank-van-puffelen

This worked for me. Cheers!

The web console at console.cloud.google.com/home was giving me an error, but worked fine with the Google Cloud SDK Shell.
... There open the terminal and ... How do you open the terminal? I see no "Open terminal" button on link
Make sure you're on the cloud subdomain, not the firebase one ("console.cloud.google.com/home") and look for the >_ icon button in the top right.
n
nimesh makwana

another approach to do this is using Google JSON API. step 1 : get access token to use with JSON API To get a token use go to : https://developers.google.com/oauthplayground/ Then search for JSON API or Storage Select required options i.e read ,write , full_access (tick those which are required) Follow the process to get Access Token, which will be valid for an hour. Step 2: Use token to hit google JSON API to update CORS

Sample Curl : 

    curl -X PATCH \
  'https://www.googleapis.com/storage/v1/b/your_bucket_id?fields=cors' \
  -H 'Accept: application/json' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Authorization: Bearer ya29.GltIB3rTqQ2tJgh0cMj1SEa1UgQNJnTMXUjMlMIRGG-mBCbiUO0wqdDuEpnPD6cbkcr1CuLItuhaNCTJYhv2ZKjK7yqyIHNgkCBup-T8Z1B1RiBrCgcgliHOGFDz' \
  -H 'Content-Type: application/json' \
  -H 'Postman-Token: d19f29ed-2e80-4c34-85ee-c46c9058fac0' \
  -H 'cache-control: no-cache' \
  -d '{
  "location": "us",
  "storageClass": "Standard",
  "cors": [
      {
          "maxAgeSeconds": "360000000",
          "method": [
             "GET",
             "HEAD",
             "DELETE"
          ],
          "origin": [
             "*"
          ],
          "responseHeader":[
            "Content-Type"
         ]
      }
  ]
}'
A
Alex Joslin

I am working on a project using firebase storage and the end-user needs a way to download the file they uploaded. I was getting a cors error when the user tried to download the file but after some research, I solved the issue. Here is how I figured it out:

Download Google Cloud CLI Log in using the CLI Create cors.json file in the project directory and type the code below. 

[
  {
    "origin": ["*"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]

Navigate to the directory containing cors.json with the Google Cloud CLI In the CLI type: gsutil cors set cors.json gs://.appspot.com

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

相似问题

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Links

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.