XMLHttpRequest file upload to Spaces fails due to CORS issue
I’m trying to upload a file to Spaces using XMLHttpRequest with a pre-signed url generated by the boto3 Python library. I’m using the v2 signature type as the AWS v4 signature is not supported (yet). (https://www.digitalocean.com/community/questions/signed-urls-for-private-objects-in-spaces)
I have enabled CORS policies for this particular host like this:
<CORSConfiguration> <CORSRule> <AllowedOrigin>http://XXX</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>
The preflight OPTIONS http request actually returns the appropriate headers like this:
Access-Control-Allow-Headers:content-type Access-Control-Allow-Methods:PUT Access-Control-Allow-Origin:http://XXX Content-Length:0 Date:Wed, 15 Nov 2017 15:41:08 GMT Strict-Transport-Security:max-age=15552000; includeSubDomains; preload Vary:Origin x-amz-request-id:tx000000000000003236214-005a0c6014-7ded-ams3a
In the actual PUT request which upload the file payload the headers returned by the Digital Ocean does not return the required Acces-Control-Allow-Origin header though:
Accept-Ranges:bytes Content-Length:187 Content-Type:application/xml Date:Wed, 15 Nov 2017 15:41:08 GMT Strict-Transport-Security:max-age=15552000; includeSubDomains; preload x-amz-request-id:tx00000000000000323b494-005a0c6014-ae42-ams3a
This finally results in a 403 Forbidden error. I’m really in the dark on this one, any insight would be highly appreciated..
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.