我正在尝试将文件上传到 ovh 对象存储 (openstack swift),但遇到了问题。
在 Chrome 中我得到:
Refused to get unsafe header "Location"
我尝试通过将 'Access-Control-Expose-Headers': 'Location' 添加到请求 header 来解决此问题。但错误依然存在。
在 Firefox 中,我在控制台中得到以下信息:
OPTIONS XHR
[HTTP/1.1 200 OK 421ms]
Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Access-Control-Request-Headers: access-control-expose-headers,tus-resumable,upload-length,upload-metadata,x-auth-token
Access-Control-Request-Method: POST
Connection: keep-alive
Host: storage.gra1.cloud.ovh.net
Origin: http://localhost:8089
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Response Headers:
Allow: HEAD, GET, PUT, POST, OPTIONS, DELETE
Content-Length: 0
Date: Thu, 01 Feb 2018 14:55:05 GMT
X-IPLB-Instance: 12318
X-Openstack-Request-Id: txe638462886d66db5ad3c6-005a732a49
X-Trans-Id: txe638462886d66db5ad3c6-005a732a49
access-control-allow-headers: x-auth-token, upload-metadata, upload-length, tus-resumable, access-control-expose-headers
access-control-allow-methods: HEAD, GET, PUT, POST, OPTIONS, DELETE
access-control-allow-origin: *
vary: Access-Control-Request-Headers
POST XHR
[HTTP/1.1 204 No Content 579ms]
Request Headers
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Access-Control-Expose-Headers: Location
Connection: keep-alive
Content-Length: 0
Host: storage.gra1.cloud.ovh.net
Origin: http://localhost:8089
Referer: http://localhost:8089/mywebpage
Tus-Resumable: 1.0.0
Upload-Length: 4885581
Upload-Metadata: modelId RmF2b3usrGVz,name MjIyLmpwZz==,type aW1hZ2UvanBlZz==
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
X-Auth-Token: aSecret000000001
Response Headers
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-trans-id, content-language, X-Container-Read, expires, X-Storage-Policy, last-modified, etag, x-timestamp, pragma, cache-control, content-type, x-openstack-request-id
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 01 Feb 2018 14:55:05 GMT
X-IPLB-Instance: 12309
X-Openstack-Request-Id: txe638462886d66db5ad3c6-005a732a49
X-Trans-Id: txe638462886d66db5ad3c6-005a732a49
我不知道'No Content'是成功的意思,还是什么错误,反正文件没有发送,所以可能是最后一个。
我的问题: - 如何摆脱 Chrome 错误消息 - 如何获取文件。
最佳答案
Access-Control-Expose-Headers 应该由请求资源的提供者 (OpenStack Swift) 而不是客户端添加到响应中。您需要做的是配置 OpenStack Swift 以将此 header 添加到其响应中。
那么你打算怎么做呢? OpenStack 允许您为 Access-Control-Allow-Origin、Access-Control-Max-Age 和 Access-Control-Expose-Headers 设置/附加自定义值 每个容器。请看this official document了解详情。
示例:
让我们创建一个容器并设置我们想要添加到 Access-Control-Expose-Headers 的自定义 header 值,以响应对该容器中的对象发出的请求。
curl -i -X PUT -H "X-Auth-Token: yourtoken" \
-H "X-Container-Meta-Access-Control-Expose-Headers: Location" \
http://192.168.56.3:8080/v1/AUTH_test/cont1
现在,对于您在此容器中创建的每个对象,您将在 Access-Control-Expose-Headers 中看到 Location 并摆脱 Chrome 中的错误消息。
您可以在我上面链接的文档中看到您可以为每个容器配置的其余 CORS header 。
关于javascript - 拒绝在 chrome 中获取不安全的 header "Location",在 firefox 中没有内容,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48566518/