Firebase-Storage Access to fetch at '..' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
I am tying to load an image using the following code:
const blob = await fetch(
"https://firebasestorage.googleapis.com/...?alt=media"
)
.then((r) => r.blob())
const reader = new FileReader();
reader.onload = function() {
const objectUrl = reader.result as string;
// do something with object url
};
reader.readAsDataURL(blob);
But, I get the following CORS blocked error in the browser console:
Access to image at 'https://firebasestorage.googleapis.com/...?alt=media' from origin 'http://localhost:5000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If I paste the url in browser's address bar, the image loads successfully which implies that the resource exists and the resource path is correct.
I looked up for how to fix this error and found the following stackoverflow posts:
- Firebase Storage and Access-Control-Allow-Origin
- Firebase Storage Access to fetch at '..' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Both the above posts recommend that I create the following CORS config and update it using the gsutil CLI tool.
[
{
"origin": ["*"],
"method": ["GET"],
"maxAgeSeconds": 3600
}
]
I opened Cloud Shell from my GCP account and used the following gsutil command to update the CORS configuration of my bucket.
$ gsutil cors set cors.json gs://my-bucket-name
I even performed a read query to see if the CORS config was updated correctly and I got the following result:
$ gsutil cors get gs://my-bucket-name
[{"maxAgeSeconds": 3600, "method": ["GET"], "origin": ["*"]}]
I thought adding "OPTIONS" method in the config might help, but no luck.
I hope I am not doing something silly. Any pointers to how I can debug this would also be appreciated.
Following is the snapshot of my network tab having more details about the request:
After banging my head over this issue for a couple of days, I thought of trying to reproduce this issue with a brand new firebase project and in incognito window and I wasn't able to. So, I tried to run my original project in incognito and to my surprise, I didn't see any CORS issue there.
I remembered that my images come with a cache control header with maxage as 1 year so I hypothesized that maybe the browser has cached the previous CORS blocked response for a year and it was indeed true because appending a dummy query parameter to the url made the fetch request to succeed. So, to fix this issue, I disabled the cache in the browser and refreshed the page and, surprise surprise, everything worked. Once everything works, you can re-enable the cache because browser must have invalidated the old cached responses.
So, if you were only getting this issue during your development phase, you could easily fix this by disabling cache for 1 page refresh and then re-enabling it. However, if you have already deployed this to production and your users are seeing this issue, you could consider changing the urls for the images so that browser is forced to make a new request or a hacky fix would be to add a dummy query parameter at the end of the url.
- java.lang.IllegalAccessError: superclass access check failed: class org.jetbrains.kotlin.kapt3.base.javac.KaptJavaCompiler?
- Firebase database is throwing "Firebase error. Please ensure that you spelled the name of your Firebase correctly"
- Difference between merge and mergeFields in Firebase Firestore DocumentReference.set()
- Can't init firebase cloud storage due to cloud resource location
- How to connect firebase firestore with my local firebase emulator suite?
- Delete a field from Firestore, with a dynamic key
- Error: HTTP Error 400, The Request has errors. Firebase Firestore Cloud Functions
- Firebase-Storage Access to fetch at '..' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
- Firebase query if child of child contains a value
- How to signInWithEmail with Firebase in Deno's framework?
- minimumFetchInterval in Firebase remote config
- type 'List<Object?>' is not a subtype of type 'PigeonUserDetails?' in type cast
- Firebase Auth: Requests from this Android client application com.xxx are blocked
- Service firestore is not available or No Firebase App with getFirestore
- "TypeError: functions.firestore.document is not a function in Firebase Cloud Functions"
- Flutter Firebase Auth Redirection Not Working After Login When Previously Logged In and Then Logged Out
- Firebase simulate read denied
- Google sign in not working after publishing in play store
- The shrinker may have failed to optimize the Java bytecode
- Problems to upload APN certifcates Firebase
- Get choosen categories from firebase database
- Is it possible to filter on multiple map values in Firestore
- Background notifications not working in release mode - _firebaseMessagingBackgroundHandler is being triggered
- Firestore BatchWrite vs Transactions
- How to make rules in Firebase Realtime Database that make it possible to securely create or delete "alias"?
- Most ideal way to call firebase getIdToken
- Unhandled Exception: [cloud_firestore/unknown] Unable to establish connection on channel
- Delete a Document with all Subcollections and Nested Subcollections in Firestore
- What is the Character Limit for Message text in Firebase console based notification?
- Firebase hosting showing welcome page after deploying angular 6 app?