Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
cpu from 13% to 100% in one minute Question Question
Problem installing wordpress on subdomain (nginx / ubuntu) Question Question

Question

Setting Access-Control-Allow-Origin in my space doesn't work with *

Posted August 7, 2019 9.2k views
DigitalOceanUbuntu 16.04React

I’ve set my headers in my space to be Access-Control-Allow-Origin:* with all permissions set. Every time I load in an image from the space onto my localhost, every request to that image doesn’t work. Here’s an image you can try it on: https://go-edit.sfo2.digitaloceanspaces.com/1/1565117740336-dog.g-1q0nvMe.jpeg

What gives? I keep getting an error that I feel I shouldn’t be receiving after setting it.

Thanks in advance!

Add a comment
2hands10fingers
By:
2hands10fingers
edited by MattIPv4

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
cpu from 13% to 100% in one minute Question Question
Problem installing wordpress on subdomain (nginx / ubuntu) Question Question
Add a comment
2 comments
  • MattIPv4 August 8, 2019
    Reply Report

    Hey there @2hands10fingers,

    When I attempt to request this image, it resolves correctly but it looks like the CORS header isn’t set?

    • curl -I https://go-edit.sfo2.digitaloceanspaces.com/1/1565117740336-dog.g-1q0nvMe.jpeg

    Output
    HTTP/1.1 200 OK
Content-Length: 22621
Accept-Ranges: bytes
Last-Modified: Tue, 06 Aug 2019 18:55:40 GMT
ETag: "61edfce11ffd265ceea0769d1d20bf6b"
x-amz-request-id: tx000000000000104f17ab9-005d4be617-23e283-sfo2a
Content-Type: application/octet-stream
Date: Thu, 08 Aug 2019 09:06:31 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
  • 2hands10fingers August 12, 2019
    Reply Report

    @MattIPv4 Thank you for your reply Matt. I have made a screenshot of the settings I have on the space which is hosting the images (https://imgur.com/Bci6N6M). As far as I’m aware, this is all I need to do, yet it’s not working. I’m a little new to CORS configurations, so bear with me.

    Thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
dikshith August 13, 2019

Hey! Thanks for providing the screenshot!

The CORS settings for your Spaces is working and here is the curl output:

curl -v -X OPTIONS  'https://go-edit.sfo2.digitaloceanspaces.com/1/1565117740336-dog.g-1q0nvMe.jpeg' -H "Origin:https://localhost" -H "Access-Control-Request-Method: GET,PUT,POST,HEAD,DELETE"
*   Trying 138.68.32.225...
* TCP_NODELAY set
* Connected to go-edit.sfo2.digitaloceanspaces.com (138.68.32.225) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.sfo2.digitaloceanspaces.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> OPTIONS /1/1565117740336-dog.g-1q0nvMe.jpeg HTTP/1.1
> Host: go-edit.sfo2.digitaloceanspaces.com
> User-Agent: curl/7.54.0
> Accept: */*
> Origin:https://localhost
> Access-Control-Request-Method: GET,PUT,POST,HEAD,DELETE
> 
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: https://localhost
< Vary: Origin
< Access-Control-Allow-Methods: GET,PUT,POST,HEAD,DELETE
< Access-Control-Max-Age: 0
< x-amz-request-id: tx000000000000112633397-005d52a396-23e283-sfo2a
< Content-Length: 0
< Date: Tue, 13 Aug 2019 11:48:38 GMT
< Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
< 
* Connection #0 to host go-edit.sfo2.digitaloceanspaces.com left intact
Reply Report
jameswilliamr September 26, 2021

Worth noting that if you have CDN enabled, it looks as though you might have to clear the cache for CORS changes to take affect.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help