The client sends a request to the server (generated code):
const headerParameters = {
  Authorization: 'Bearer ...',
};
const response = await this.request({
  path: `/{documentId}`.replace(`{${"documentId"}}`, encodeURIComponent(String(requestParameters.documentId))),
  method: 'GET',
  headers: headerParameters,
  query: queryParameters,
});
The server responds with a 307 and the following headers:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, x-requested-with, accept, content-type, authorization, cookie, actor
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Max-Age: 3628800
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Thu, 22 Apr 2021 12:45:29 GMT
Expires: 0
Location: https://storage.googleapis.com/O992204202100001?SOME_GOOGLE_QUERY_PARAMS_FOR_SIGNED_URL
Origin: http://localhost:3000
Pragma: no-cache
Set-Cookie: JSESSIONID=m6VEjCRYukTqOGdAe1fFdrwj5CIycILI; path=/
Strict-Transport-Security: max-age=15724800; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
x-robots-tag: noindex,nofollow always
X-XSS-Protection: 1; mode=block
The client then sends an OPTIONS preflight request to the "Location" with the following request headers:
:authority: storage.googleapis.com
:method: OPTIONS
:path: /O992204202100001?SOME_GOOGLE_QUERY_PARAMS_FOR_SIGNED_URL
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: authorization
access-control-request-method: GET
cache-control: no-cache
origin: null
pragma: no-cache
referer: http://localhost:3000/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0Chrome/90.0.4430.72 Safari/537.36
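My big question is: why is the "origin" header in the preflight request "null"?
My problem is a CORS issue where the browser cannot download the file at the signed URL. My CORS settings on the bucket are: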
[{"origin": ["*"]}]
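So the only problem I see is the "null" header, which prevents GCS from responding with the correct CORS headers.
Why does fetch set the origin header to null when following the redirect? Is there any way to prevent this?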
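
The exchange above matches the Fetch Standard's "redirect-tainted origin" rule, modelled here as an added example that is not part of the original post. It assumes the API that returned the 307 is on a different origin from http://localhost:3000; api.example.test and doc-1 are placeholders, since the post does not give the API host or path.

```javascript
// Added example: models how the Fetch Standard serializes the Origin header
// across a redirect chain. Same-origin is approximated by comparing
// URL.origin strings, which is sufficient for http/https URLs.
function originOf(url) {
  return new URL(url).origin;
}

// True when some redirect hop changes origin AND the URL it redirects away
// from was already cross-origin to the page that started the request.
function hasRedirectTaintedOrigin(requestOrigin, urlList) {
  let lastURL = null;
  for (const url of urlList) {
    if (lastURL !== null &&
        originOf(url) !== originOf(lastURL) &&
        requestOrigin !== originOf(lastURL)) {
      return true;
    }
    lastURL = url;
  }
  return false;
}

// Value sent in the Origin header (preflight included) for the current hop.
function serializeRequestOrigin(requestOrigin, urlList) {
  return hasRedirectTaintedOrigin(requestOrigin, urlList) ? 'null' : requestOrigin;
}

const page = 'http://localhost:3000';
const signedUrl = 'https://storage.googleapis.com/O992204202100001';

// Case 1: API on another origin (placeholder host) redirects to GCS.
const crossOriginApi = serializeRequestOrigin(
  page, ['https://api.example.test/doc-1', signedUrl]);
// Case 2: API served from the page's own origin redirects to GCS.
const sameOriginApi = serializeRequestOrigin(
  page, ['http://localhost:3000/doc-1', signedUrl]);
// Case 3: no redirect; the client requests the signed URL directly.
const direct = serializeRequestOrigin(page, [signedUrl]);

console.log({ crossOriginApi, sameOriginApi, direct });
```

Case 1 yields the `origin: null` seen in the preflight. Cases 2 and 3 keep `http://localhost:3000`, so the origin survives when the first hop is same-origin with the page or when the signed URL is fetched directly without a redirect.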