Problem to configure Digital Ocean Spaces with CORS

February 8, 2019 1k views
API Object Storage System Tools

Hi everyone,

I would like to send a PUT request to our Digital Ocean Spaces Bucket using as outlined int the docs:
see the API docs

Using Postman I can upload an object to the Spaces bucket (authorization headers seem to be calculated correctly). However when I try it with the browser /client I get the following CORS error

Failed to load resource: the server responded with a status of 403 (Forbidden) [https://bucketname.sgp1.digitaloceanspaces.com/Nx43jBxWbBSQcCYHfKOARe2Buml2/recordings/6b4eea96-0fbc-469a-91c6-8bea5eb3a18d/testUpload.txt]
Access to XMLHttpRequest at 'https://bucketname.sgp1.digitaloceanspaces.com/Nx43jBxWbBSQcCYHfKOARe2Buml2/recordings/6b4eea96-0fbc-469a-91c6-8bea5eb3a18d/testUpload.txt' from origin 'https://hostname.local' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. [https://hostname.local/settings]
Network Error

I changed bucket and hostname for obvious reasons.

Of course I tried to setup the CORS configuration in both the client as well as in DO spaces itself but I did not succeed after many hours. In DO spaces the Origin is set to * (wildcard) and I included / allowed all headers which are present in the clients request. Access Control Max Age is still set to zero as I don't fully understand it, however changing it also did not alter anything.

Please also note that I am using NginX and Docker, so the client application running inside a docker container which is gated through the NginX server.

Most surprising to me is the fact that the error message says that the RESPONSE HEADER did not include the 'Access-Control-Allow-Origin' field, which means (in my understanding) that the DO spaces server did not respond correctly?!? So a side question is here: is there any way to change the response header form the DO spaces server?

I am very thankful for any help or suggestions.

Best, Caspar

Be the first one to answer this question.