By al3x5
I’m trying to upload a file to Spaces using XMLHttpRequest with a pre-signed url generated by the boto3 Python library. I’m using the v2 signature type as the AWS v4 signature is not supported (yet). (https://www.digitalocean.com/community/questions/signed-urls-for-private-objects-in-spaces)
Performing an upload from the command line using the pre-signed url is working fine. However when doing a PUT request through an XMLHttpRequest object in Javascript I’m getting an CORS related error (“No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://XXX’ is therefore not allowed access”)
I have enabled CORS policies for this particular host like this:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>http://XXX</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
The preflight OPTIONS http request actually returns the appropriate headers like this:
Access-Control-Allow-Headers:content-type
Access-Control-Allow-Methods:PUT
Access-Control-Allow-Origin:http://XXX
Content-Length:0
Date:Wed, 15 Nov 2017 15:41:08 GMT
Strict-Transport-Security:max-age=15552000; includeSubDomains; preload
Vary:Origin
x-amz-request-id:tx000000000000003236214-005a0c6014-7ded-ams3a
In the actual PUT request which upload the file payload the headers returned by the Digital Ocean does not return the required Acces-Control-Allow-Origin header though:
Accept-Ranges:bytes
Content-Length:187
Content-Type:application/xml
Date:Wed, 15 Nov 2017 15:41:08 GMT
Strict-Transport-Security:max-age=15552000; includeSubDomains; preload
x-amz-request-id:tx00000000000000323b494-005a0c6014-ae42-ams3a
This finally results in a 403 Forbidden error. I’m really in the dark on this one, any insight would be highly appreciated…
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
@krksgbr what a coincidence, I was just about to post the solution to my own question. It turned out not to be a CORS issue at all (sorry about that DO), but related to the way the file was sent through Javascript. Apparently you have to wrap your file in a Blob object and not send it as a raw file (e.g. xhr.send(upload_file)) or through the FormData interface.
I managed to upload a file like this:
var blob = new Blob([upload_file], {type: f.upload_file}); var xhr = new XMLHttpRequest(); xhr.open(‘PUT’, v2_presigned_url); xhr.send(blob);
@al3x5 did you ever manage to find a solution? I am experiencing the same exact problem. thanks!
It is simple to solve! Just use ‘s3cmd’ command line tool:
s3cmd setcors file-with-bucket-cors.xml s3://BUCKETNAME
It is one shot config, after this, all will work perfectly!
Good luck!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.