Hi All.
I have an application in development which successfully stores objects in another S3 compatible service using the Amazon S3 client (v3).
Porting this to work with a QNAP device.
Have configured QuObjects as documented, and configured a reverse proxy via the system panel to inject the required cors allow header values.
When I try and access the s3 endpoint, the CORS pre-flight request is failing with a 401 (not authorized) status.
The response headers have a Www-authenticate setting:
Www-Authenticate: Swift realm=“unknown”
I’ve never seen this before.
Is there a setting somewhere to control this behaviour?
What am I missing?
Any tips or clues on how to do this?
This is the request:
OPTIONS /my-bucket/admin/Screenshot%20from%202025-03-03%2010-59-50.png?uploads= HTTP/1.1
Host: 10.255.5.55:8443
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: amz-sdk-invocation-id,amz-sdk-request,authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-user-agent
Referer: http://localhost:5173/
Origin: http://localhost:5173
Connection: keep-alive
Priority: u=4
This is the response:
HTTP/1.1 401 Unauthorized
Date: Tue, 04 Mar 2025 05:50:37 GMT
Server: Apache/2.4.62 (Unix) OpenSSL/3.0.9
Content-Type: text/html; charset=UTF-8
Www-Authenticate: Swift realm="unknown"
Content-Length: 131
X-Trans-Id: tx4d588e7fefe2413ea4c96-0067c694ad
Access-Control-Allow-Origin: http://localhost:5173
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD,OPTIONS
Access-Control-Allow-Headers: amz-sdk-invocation-id,amz-sdk-request,authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-user-agent
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: amz-sdk-invocation-id,amz-sdk-request,authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-user-agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
cheers -sab-