starred/fake-gcs-server

Fork 0

mirror of https://github.com/fsouza/fake-gcs-server.git synced 2026-04-25 21:55:56 +03:00

[GH-ISSUE #1117] CORS Allow origin #168

New issue

Open

opened 2026-03-03 12:08:52 +03:00 by kerem · 5 comments

kerem commented

2026-03-03 12:08:52 +03:00

Owner

Originally created by @Nicobas on GitHub (Apr 3, 2023).
Original GitHub issue: https://github.com/fsouza/fake-gcs-server/issues/1117

Hi!

My api I generate signed links for download/upload files. When I use these links from my front-end in Vue.js I get CORS errors telling me that the origin is not the right one. fake-gcs-server is running with docker on localhost:8001 and my front-end on localhost:1234. In the code of this project there seems to be an "Access-Control-Allow-Origin: *" rule but it doesn't work. How can I authorize my front end to acces to these ressources?

This is my docker compose config :

  storage:
    container_name: b4m-storage
    image: fsouza/fake-gcs-server:1.44
    volumes:
      - ./.tmp/storage_data:/storage
    ports:
      - "8081:8081"
    command: ["-scheme", "http", "-port", "8081", "-external-url", "http://localhost:8081", '-public-host', "localhost:8081"]

Thanks

Originally created by @Nicobas on GitHub (Apr 3, 2023). Original GitHub issue: https://github.com/fsouza/fake-gcs-server/issues/1117 Hi! My api I generate signed links for download/upload files. When I use these links from my front-end in Vue.js I get CORS errors telling me that the origin is not the right one. fake-gcs-server is running with docker on localhost:8001 and my front-end on localhost:1234. In the code of this project there seems to be an "Access-Control-Allow-Origin: *" rule but it doesn't work. How can I authorize my front end to acces to these ressources? This is my docker compose config : ``` storage: container_name: b4m-storage image: fsouza/fake-gcs-server:1.44 volumes: - ./.tmp/storage_data:/storage ports: - "8081:8081" command: ["-scheme", "http", "-port", "8081", "-external-url", "http://localhost:8081", '-public-host', "localhost:8081"] ``` Thanks

kerem commented

2026-03-03 12:08:53 +03:00

Author

Owner

@fsouza commented on GitHub (May 2, 2023):

Hmm, that should work. Can you provide more details on the error you get from the frontend?

@fsouza commented on GitHub (May 2, 2023): Hmm, that should work. Can you provide more details on the error you get from the frontend?

kerem commented

2026-03-03 12:08:53 +03:00

Author

Owner

@psigen commented on GitHub (Jan 3, 2024):

I am getting the same error in my frontend. Here is the full line from my browser:

Access to XMLHttpRequest at 'http://localhost:8000/my-files/uploads/287f2dc8-82fe-4c9f-9bc9-5679c6860dfc/ZmVhdHVyZXR5cGUuU1RM?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=[...]&X-Goog-Date=20240103T042045Z&X-Goog-Expires=3600&X-Goog-SignedHeaders=host&X-Goog-Signature=[...]' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am testing with the options:

["-external-url", "http://localhost:8000", "-public-host", "localhost:8000", "-scheme", "both"]

@psigen commented on GitHub (Jan 3, 2024): I am getting the same error in my frontend. Here is the full line from my browser: ``` Access to XMLHttpRequest at 'http://localhost:8000/my-files/uploads/287f2dc8-82fe-4c9f-9bc9-5679c6860dfc/ZmVhdHVyZXR5cGUuU1RM?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=[...]&X-Goog-Date=20240103T042045Z&X-Goog-Expires=3600&X-Goog-SignedHeaders=host&X-Goog-Signature=[...]' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. ``` I am testing with the options: ``` ["-external-url", "http://localhost:8000", "-public-host", "localhost:8000", "-scheme", "both"] ```

kerem commented

2026-03-03 12:08:53 +03:00

Author

Owner

@mattkindy commented on GitHub (Jun 29, 2024):

Similar situation, failed during preflight, attempting to upload to signed url.

Docker Compose

  cloud-storage-emulator:
    image: fsouza/fake-gcs-server:latest
    command: -scheme http -public-host localhost:8125 -external-url http://localhost:8125
    profiles:
      - local
    ports:
      - 8125:4443

I set up my buckets like

  const name = bucket.name;
  const request: CreateBucketRequest = {
    userProject: "nimbus-app-dev",
    location: bucket.location,
    cors: [
      {
        origin: ["http://localhost:3000"],
        responseHeader: ["Content-Type", "Access-Control-Allow-Origin"],
        method: ["GET", "HEAD", "PUT", "POST", "DELETE"],
      },
    ],
  };

  console.log(`Creating bucket ${name}: ${JSON.stringify(request, null, 2)}`);
  const [result] = await storage.createBucket(name, request);

  console.log(`Created bucket ${JSON.stringify(result, null, 2)}`);

Error

Access to fetch at 'http://localhost:8125/nimbus-app-dev-file-storage/clt97320x0000xdnrquarnpd3/product-requirements-docs/cly0d2vqt0003k0pfu8l3ct52?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=72882496521-compute%40developer.gserviceaccount.com%2F20240629%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240629T181429Z&X-Goog-Expires=900&X-Goog-SignedHeaders=content-type%3Bhost&X-Goog-Signature=21749f6a4c3147a1cff456be375950a5fe7d656506af222d7beb69c235259bca081c58ff7360ce6edda02e8a76bdabec62a8aba54c997efdb304bd1dd9d4e325058c6d8ce3801efd9ee02e6dba5a0d8d22a5240e12d7ca4ddd129a5f48ed88c185ea95cf98644e090677e5ac77241e355f76c06ded30bd6b9edeaf8ef2098166d7c78524861d3f51f636922501e2af4bb34f62ceca10a20b53070b036cef4783db77dc7a273c17a7afaf9eb9aa7cfffbeb7ce1cd5929445f811bd6a242230bb6585b3767ee33cc7d7c2cbe1d1a258f6a66ee4e874afbcb015bd40879dc1163492333fac592ec34fff63d4b44abaff5bd615e97bfe4c138b17697f39dcfb5fb43' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Server Request Log

cloud-storage-emulator-1  | time=2024-06-29T19:00:33.309Z level=INFO msg="192.168.228.1 - - [29/Jun/2024:19:00:33 +0000] \"OPTIONS /nimbus-app-dev-file-storage/clt97320x0000xdnrquarnpd3/product-requirements-docs/cly0d2vqt0003k0pfu8l3ct52?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=72882496521-compute%40developer.gserviceaccount.com%2F20240629%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240629T190033Z&X-Goog-Expires=900&X-Goog-SignedHeaders=content-type%3Bhost&X-Goog-Signature=9c8de69014bd8d1d48cc8920e09bc67897e879c8bb5dc74dcdbb10e9b3cbfcbcdfbd7d880bc07431336ede3d7934376ebe1524f57f6d0b0c5a19a815a0f0403dc25ac59328e1426f589b7c8dce84f36a56cb01759f80178dc88121c2c0fcf2802d191c4a69db27f630b888c8ff55354dca62b3086a80eeaf28676aa7202f08d38a946b169a9e9a958c8e29bc9ec6923eaa1a2fe6d61b0e042dadd293942febc240d42904dfad0e5f8342239cff89d469e88923174e496853f0ab5fe00f046d9fdcba77f391e4f6e16022dd28263a789306f423836cd31441d1f2877c2f9b7a8c2bd2a6f319563ed9dd82a4eac7ed43166b915db5183f7a882d31377112fc28c1 HTTP/1.1\" 403 0\n"

For fun, I tried changing CORS in bucket creation request to use host.docker.internal, but this didn't change anything.

@mattkindy commented on GitHub (Jun 29, 2024): Similar situation, failed during preflight, attempting to upload to signed url. **Docker Compose** ```yaml cloud-storage-emulator: image: fsouza/fake-gcs-server:latest command: -scheme http -public-host localhost:8125 -external-url http://localhost:8125 profiles: - local ports: - 8125:4443 ``` I set up my buckets like ```ts const name = bucket.name; const request: CreateBucketRequest = { userProject: "nimbus-app-dev", location: bucket.location, cors: [ { origin: ["http://localhost:3000"], responseHeader: ["Content-Type", "Access-Control-Allow-Origin"], method: ["GET", "HEAD", "PUT", "POST", "DELETE"], }, ], }; console.log(`Creating bucket ${name}: ${JSON.stringify(request, null, 2)}`); const [result] = await storage.createBucket(name, request); console.log(`Created bucket ${JSON.stringify(result, null, 2)}`); ``` **Error** ``` Access to fetch at 'http://localhost:8125/nimbus-app-dev-file-storage/clt97320x0000xdnrquarnpd3/product-requirements-docs/cly0d2vqt0003k0pfu8l3ct52?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=72882496521-compute%40developer.gserviceaccount.com%2F20240629%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240629T181429Z&X-Goog-Expires=900&X-Goog-SignedHeaders=content-type%3Bhost&X-Goog-Signature=21749f6a4c3147a1cff456be375950a5fe7d656506af222d7beb69c235259bca081c58ff7360ce6edda02e8a76bdabec62a8aba54c997efdb304bd1dd9d4e325058c6d8ce3801efd9ee02e6dba5a0d8d22a5240e12d7ca4ddd129a5f48ed88c185ea95cf98644e090677e5ac77241e355f76c06ded30bd6b9edeaf8ef2098166d7c78524861d3f51f636922501e2af4bb34f62ceca10a20b53070b036cef4783db77dc7a273c17a7afaf9eb9aa7cfffbeb7ce1cd5929445f811bd6a242230bb6585b3767ee33cc7d7c2cbe1d1a258f6a66ee4e874afbcb015bd40879dc1163492333fac592ec34fff63d4b44abaff5bd615e97bfe4c138b17697f39dcfb5fb43' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. ``` **Server Request Log** ``` cloud-storage-emulator-1 | time=2024-06-29T19:00:33.309Z level=INFO msg="192.168.228.1 - - [29/Jun/2024:19:00:33 +0000] \"OPTIONS /nimbus-app-dev-file-storage/clt97320x0000xdnrquarnpd3/product-requirements-docs/cly0d2vqt0003k0pfu8l3ct52?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=72882496521-compute%40developer.gserviceaccount.com%2F20240629%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20240629T190033Z&X-Goog-Expires=900&X-Goog-SignedHeaders=content-type%3Bhost&X-Goog-Signature=9c8de69014bd8d1d48cc8920e09bc67897e879c8bb5dc74dcdbb10e9b3cbfcbcdfbd7d880bc07431336ede3d7934376ebe1524f57f6d0b0c5a19a815a0f0403dc25ac59328e1426f589b7c8dce84f36a56cb01759f80178dc88121c2c0fcf2802d191c4a69db27f630b888c8ff55354dca62b3086a80eeaf28676aa7202f08d38a946b169a9e9a958c8e29bc9ec6923eaa1a2fe6d61b0e042dadd293942febc240d42904dfad0e5f8342239cff89d469e88923174e496853f0ab5fe00f046d9fdcba77f391e4f6e16022dd28263a789306f423836cd31441d1f2877c2f9b7a8c2bd2a6f319563ed9dd82a4eac7ed43166b915db5183f7a882d31377112fc28c1 HTTP/1.1\" 403 0\n" ``` For fun, I tried changing CORS in bucket creation request to use `host.docker.internal`, but this didn't change anything.

kerem commented

2026-03-03 12:08:54 +03:00

Author

Owner

@mattkindy commented on GitHub (Jun 29, 2024):

Looking at the source code, seems like that's probably related to https://github.com/fsouza/fake-gcs-server/issues/1025 ? Along with github.com/fsouza/fake-gcs-server@8ffae7259d/fakestorage/server.go (L317) and github.com/fsouza/fake-gcs-server@8ffae7259d/fakestorage/server.go (L135) not using the info.

@mattkindy commented on GitHub (Jun 29, 2024): Looking at the source code, seems like that's probably related to https://github.com/fsouza/fake-gcs-server/issues/1025 ? Along with https://github.com/fsouza/fake-gcs-server/blob/8ffae7259d45be7c8aac5ecac71ff324a831178d/fakestorage/server.go#L317 and https://github.com/fsouza/fake-gcs-server/blob/8ffae7259d45be7c8aac5ecac71ff324a831178d/fakestorage/server.go#L135 not using the info.

kerem commented

2026-03-03 12:08:54 +03:00

Author

Owner

@mattkindy commented on GitHub (Jun 29, 2024):

For me, it looked like I had a x-goog-content-length-range header that was causing it. I was able to work around this by including -cors-headers x-goog-content-length-range into the docker command

@mattkindy commented on GitHub (Jun 29, 2024): For me, it looked like I had a `x-goog-content-length-range` header that was causing it. I was able to work around this by including `-cors-headers x-goog-content-length-range` into the docker command