2

此 curl 请求适用于 CORS:

> curl -H "Origin: http://DOMAIN-WE-REQUEST-FROM" https://api.github.com -s -D - -o /dev/null
HTTP/1.1 200 OK
Server: GitHub.com
Date: Thu, 11 Apr 2013 17:26:32 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200 OK
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-GitHub-Media-Type: github.beta
X-Content-Type-Options: nosniff
Content-Length: 1729
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-OAuth-Scopes, X-Accepted-OAuth-Scopes
Access-Control-Allow-Origin: *
ETag: "b883d9a4fa4fe813d8daafea01b9276b"
Cache-Control: max-age=0, private, must-revalidate

对 Google 启用 CORS 的域的相同请求不会发回正确的标头:

> curl -H "Origin: http://DOMAIN-WE-REQUEST-FROM" http://EXAMPLE.storage.googleapis.com/FILE-THAT-WAS-RETURNING-CORS-THIS-MORNING.gif -s -D - -o /dev/null
HTTP/1.1 200 OK
Server: HTTP Upload Server Built on Apr 8 2013 13:06:58 (1365451618)
Date: Thu, 11 Apr 2013 17:25:50 GMT
Cache-Control: no-cache, no-transform
Expires: Fri, 11 Apr 2014 17:25:50 GMT
Last-Modified: Thu, 24 Jan 2013 20:58:29 GMT
ETag: "7c21bc009de625eda70e50c9fea4665a"
x-goog-generation: 1359061109538000
x-goog-metageneration: 1
Content-Type: image/gif
x-goog-hash: md5=fCG8AJ3mJe2nDlDJ/qRmWg==
Accept-Ranges: bytes
Content-Length: 111711

我们的 CORS 配置是正确的:

> gsutil getcors gs://EXAMPLE
<?xml version="1.0" ?>
<CorsConfig>
    <Cors>
        <Origins>
            <Origin>
                http://OTHER-DOMAIN
            </Origin>
            <Origin>
                http://DOMAIN-WE-REQUEST-FROM
            </Origin>
        </Origins>
        <Methods>
            <Method>
                GET
            </Method>
            <Method>
                HEAD
            </Method>
            <Method>
                OPTIONS
            </Method>
            <Method>
                PUT
            </Method>
        </Methods>
        <ResponseHeaders>
            <ResponseHeader>
                accept-encoding
            </ResponseHeader>
            <ResponseHeader>
                cache-control
            </ResponseHeader>
            <ResponseHeader>
                content-length
            </ResponseHeader>
            <ResponseHeader>
                content-type
            </ResponseHeader>
            <ResponseHeader>
                expect
            </ResponseHeader>
            <ResponseHeader>
                if-modified-since
            </ResponseHeader>
            <ResponseHeader>
                origin
            </ResponseHeader>
            <ResponseHeader>
                range
            </ResponseHeader>
            <ResponseHeader>
                referer
            </ResponseHeader>
            <ResponseHeader>
                x-goog-acl
            </ResponseHeader>
            <ResponseHeader>
                x-goog-api-version
            </ResponseHeader>
        </ResponseHeaders>
        <MaxAgeSec>
            300
        </MaxAgeSec>
    </Cors>
</CorsConfig>

没有 CORS。这在生产中破坏了我们的应用程序,请回复谷歌云团队。

(谷歌已声明支持将在此处进行:https ://groups.google.com/forum/?fromgroups=#!topic/gs-discussion/wu7vnC-TpT4 )

4

0 回答 0