2

I have been encountering error in storing a file to Object Storage using HTTP POST method sent using Async XMLHttpRequest. The request is a CORS HTTP request sent to the Object storage public URL with required headers set. The error message says: Reason: CORS header Access-Control-Allow-Origin missing.

The error seems to happen with multipart form data send request using POST. If PUT is used to create the file, the required file (resource) gets created. The response to the PUT request contains the required Access-Control-Allow-Origin header, whereas the response to POST does not contain despite the meta data attributes being set on the container.

I have even tried using X_AUTH_TOKEN header instead of X_STORAGE_TOKEN, but the failure continues to happen.

Raised the ticket with Softlayer support, but have not received a solution. Any ideas to resolve the above would be helpful.

The details are below:

The container prod_file has following meta data attributes set:

access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-origin : *
  • The Firefox browser version is: Mozilla Firefox 46.0
  • Client OS is: Linux 3.16.0-71-generic #91~14.04.1-Ubuntu SMP Mon Apr 18 1K9:43:36 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
  • Request URL: https://*****.objectstorage.softlayer.net/v1/AUTH_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/prod_file/6ffb51fc-e40f-4cf5-982c-44cb5c342851.fl.file.orig.txt
  • Request HTTP Method: POST
  • Mechanism used: Async XMLHttpRequest

Request Headers:

Host: *****.objectstorage.softlayer.net
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Storage-Token: AUTH_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Referer: http://*****myorg******.com/organization/572680760cf26af856c7432c/resources
Content-Length: 4500
Content-Type: multipart/form-data; boundary=---------------------------2139255891192408661525197545
Origin: http://*****myorg******.com
Connection: keep-alive

Response Headers:

Connection: keep-alive
Content-Length: 50
Content-Type: text/plain
Date: Sat, 14 May 2016 14:57:02 GMT
X-Trans-Id: *****Some Transaction Id********

The error response has the following message:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://*****.objectstorage.softlayer.net/v1/AUTH_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/prod_file/6ffb51fc-e40f-4cf5-982c-44cb5c342851.fl.file.orig.txt. (Reason: CORS header 'Access-Control-Allow-Origin' missing)

Thanks for the help in advance.

Michal Foksa
  • 11,225
  • 9
  • 50
  • 68
ag_
  • 21
  • 3
  • `Access-Control-Allow-Origin` is a header intended for user agent (browser) to decide wheader to acually send a request, or expose/suppress server response to the client (javascript, etc.), so `access-control-expose-headers: Access-Control-Allow-Origin` is not needed to be set in server settings. – Michal Foksa May 15 '16 at 08:31
  • Hello @Michal Foksa

    Thanks for improvements. The server needs to be configured to inform the browser that the CORS requests are accepted. The object storage solution enables uses to set these attributes at container level. Hence setting the access-control-expose-headers: Access-Control-Allow-Origin for the container on the server.

     – ag_ May 15 '16 at 12:00
  • Interesting. I do not know about the particular server you are using, but what I said is valid in CORS as general. You are welcome. – Michal Foksa May 15 '16 at 13:56

1 Answers1

0

It looks like you set wrong the headers for your container, please take a look this documentation and try it:

http://docs.openstack.org/developer/swift/cors.html

https://swiftstack.com/blog/2013/04/02/using-cors-with-swift/

Renember that softlayer object storage is based in Open Stack.

Let me know if you are still having troubles

Regards

Nelson Raul Cabero Mendoza
  • 4,386
  • 1
  • 14
  • 19