Resumable chunked upload to google storage fails with CORS

Question

I am creating a signedUrl for upload with Java SDK as follows:

        val signedUrl = storage
            .signUrl(
                BlobInfo.newBuilder(BlobId.of(contentType.bucket, objectName)).build(),
                15,
                TimeUnit.MINUTES,
                // chunked uploads of videos/audios must start with initial POST, see below
                Storage.SignUrlOption.httpMethod(HttpMethod.POST),
                Storage.SignUrlOption.withExtHeaders(
                    mapOf(
                        // https://stackoverflow.com/questions/55364969/how-to-use-gcs-resumable-upload-with-signed-url
                        "x-goog-resumable" to "start",
                    ),
                ),
                Storage.SignUrlOption.signWith(storageUploadCredentials),
                Storage.SignUrlOption.withV4Signature(),
            )
            .toString()

Notice above, I am using HttpMethod.POST so that I can create the sessionUrl for resumable upload:

        signedUrl
            .httpPost()
            // necessary to set up in CORS file
            // https://stackoverflow.com/a/53324444
            .header("x-goog-resumable", "start")
            // https://stackoverflow.com/a/29057686
            // https://stackoverflow.com/a/36798073
            .header("Origin", origin)
            .response()

Here I am passing the origin header, so that I could get correct CORS header Access-Control-Allow-Origin. However no such header is returned in the response. There should be I hope?

However when I get the location value and try to PUT to it with the Origin header, the Access-Control-Allow-Origin is missing as well. The strange thing is that if I POST to this session url, I get 405 error, but the Access-Control-Allow-Origin is there!

What am I doing wrong?

Answer 1

The reason was that HttpUrlConnection refused to add origin header and sun.net.http.allowRestrictedHeaders needed to be set to true.