6

I am trying out Rails 5.2.0.rc1 Active Storage, using its included JavaScript library to upload PDF docs directly from the client to the cloud. But on submitting a form I get a browser error in both Firefox & Chrome:

Cross-Origin Request Blocked... (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Headers are set thus this.xhr.setRequestHeader... in the activestorage.js and don't appear to be configurable: https://github.com/rails/rails/blob/master/activestorage/app/javascript/activestorage/blob_record.js

Any suggestions, anyone?

KeithP

1 Answer

15

Try setting the CORS permission on the S3 bucket with the following:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Tom Rossi
  • Thanks, yes that solves it. Next issue though is 403 forbidden is returned, which of course goes away if I grant full public access on the S3 bucket. But hopefully we don't have to do that? – KeithP Mar 20 '18 at 23:26
  • Are you sure the URL isn't expired? – Tom Rossi Mar 21 '18 at 14:09
  • If only that were the case! No, this appears to be about granting the right permissions on the bucket in AWS. To investigate have saved a bucket policy granting full access to the account ( "Action": "s3:*" ), then logged in as that account. But as that user I get access denied when trying to download a file I just uploaded! – KeithP Mar 21 '18 at 15:39
  • All of the steps we took to get direct upload working are here: https://keithpblog.org/post/active-storage-on-amazon-s3/ – KeithP Mar 22 '18 at 15:12
  • Answer still works on Rails 5.2.4 while developing locally on my machine (localhost:3000). – rrrrrraul Jan 27 '20 at 06:49
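
As an added example (not part of the answer above or of Rails): a simplified Python model of how S3 matches a browser preflight against `CORSRule` entries, used to compare the answer's rules with a variant scoped to a single origin. The origin `https://app.example.com`, the narrowed header list and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WRITE_METHODS = {"PUT", "POST", "DELETE"}
# Constructed samples: the answer's rules (MaxAgeSeconds omitted) and a variant for an assumed origin.
ANSWER_CONFIG = """<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule><AllowedOrigin>*</AllowedOrigin><AllowedMethod>GET</AllowedMethod>
  <AllowedHeader>Authorization</AllowedHeader></CORSRule>
<CORSRule><AllowedOrigin>*</AllowedOrigin><AllowedMethod>PUT</AllowedMethod>
  <AllowedMethod>POST</AllowedMethod><AllowedHeader>*</AllowedHeader></CORSRule>
</CORSConfiguration>"""
SCOPED_CONFIG = """<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule><AllowedOrigin>https://app.example.com</AllowedOrigin>
  <AllowedMethod>PUT</AllowedMethod><AllowedHeader>Content-Type</AllowedHeader>
  <AllowedHeader>Content-MD5</AllowedHeader></CORSRule>
</CORSConfiguration>"""

def _match(pattern, value):
    # S3 permits at most one "*" wildcard in an AllowedOrigin or AllowedHeader value.
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return len(value) >= len(prefix) + len(suffix) and value.startswith(prefix) and value.endswith(suffix)

def parse_rules(cors_xml):
    """Return each CORSRule as {element name: [values]}, ignoring the XML namespace."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    rules = []
    for rule in (el for el in ET.fromstring(cors_xml.strip()).iter() if local(el) == "CORSRule"):
        fields = {"AllowedOrigin": [], "AllowedMethod": [], "AllowedHeader": []}
        for child in rule:
            fields.setdefault(local(child), []).append((child.text or "").strip())
        rules.append(fields)
    return rules

def preflight_allowed(rules, origin, method, request_headers=()):
    """True if one rule matches the origin, the method and every requested header."""
    for r in rules:
        if (any(_match(o, origin) for o in r["AllowedOrigin"]) and method in r["AllowedMethod"]
                and all(any(_match(h.lower(), req.lower()) for h in r["AllowedHeader"])
                        for req in request_headers)):
            return True
    return False

def wildcard_write_rules(rules):
    """Rules that accept state-changing methods from any origin."""
    return [r for r in rules
            if "*" in r["AllowedOrigin"] and WRITE_METHODS & set(r["AllowedMethod"])]

if __name__ == "__main__":
    print(len(wildcard_write_rules(parse_rules(ANSWER_CONFIG))), len(wildcard_write_rules(parse_rules(SCOPED_CONFIG))))
```

CORS only controls which origins a browser will let script the request; the 403 discussed in the comments is decided separately by the bucket's permissions and the signed URL.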