跨域资源共享 (CORS) 允许不同来源的资源之间进行交互.默认情况下，在 Google Cloud Storage 中，它被禁止/禁用以防止恶意行为.

Cross Origin Resource Sharing (CORS) allows interactions between resources from different origins. By default, in Google Cloud Storage it is prohibited/disabled in order to prevent malicious behavior.

您可以使用 Cloud Libraries、Rest API 或 Cloud SDK，请记住以下规则:

You can enable it either using Cloud Libraries, Rest API or Cloud SDK, keeping in mind following rules:

1. 使用具有云存储类型权限的用户/服务帐户进行身份验证:FULL_CONTROL.

使用 XML API 获取正确的 CORS 标头，使用两个 URL 之一:

Using XML API to get proper CORS headers, use one of the two URLs:

- storage.googleapis.com/[BUCKET_NAME]
- [BUCKET_NAME].storage.googleapis.com

Origin storage.cloud.google.com/[BUCKET_NAME] 不会响应 CORS 标头.

Origin storage.cloud.google.com/[BUCKET_NAME] will not respond with CORS header.

1. 请求需要正确的 ORIGIN 标头以匹配 CORS 故障排除文档，如果是您的代码:

1. Request need proper ORIGIN header to match bucket policy ORIGIN configuration as stated in the point 3 of the CORS troubleshooting documentation, in case of your code:

headers = {
    'ORIGIN': '*'
}
response = requests.put(url, data='some data', headers=headers)

for header in response.headers.keys():
    print(header)

给出以下输出:

X-GUploader-UploadID
ETag
x-goog-generation
x-goog-metageneration
x-goog-hash
x-goog-stored-content-length
x-goog-stored-content-encoding
Access-Control-Allow-Origin
Access-Control-Expose-Headers
Content-Length
Date
Server
Content-Type