Google Calc. 'https://docs.google.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header

ℹ️ Support
1

Nextcloud version (eg, 18.0.2): 18.0.4
Operating system and version (eg, Ubuntu 20.04):Ubuntu 18.04.4 LTS
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.29
PHP version (eg, 7.1): PHP 7.2.24

The issue you are facing:
In Google Calc using formula for loading thumbnail images
=IMAGE(CONCATENATE("https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2FNEW%2Fcat-aksessuary.jpg&x=64&y=64");4;64;64)

In the developer tool Google Chrome on the Network tab in 10 percent of cases getting errors:

Access to image at 'https://images-docs-opensocial.googleusercontent.com/gadgets/proxy?url=https%3A%2F%2Fexample.com%2Fapps%2Ffiles_sharing%2Fpublicpreview%2FtkHsb6WsDaBmJ3H%3Ffile%3D%252FNEW%252Fcat-kanva-aida-yeidam-south-korea.jpg%26x%3D64%26y%3D64&container=docs&gadget=a&rewriteMime=image%2F*&refresh=900' from origin 'https://docs.google.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

GET https://images-docs-opensocial.googleusercontent.com/gadgets/proxy?url=https%3A%2F%2Fexample.com%2Fapps%2Ffiles_sharing%2Fpublicpreview%2FtkHsb6WsDaBmJ3H%3Ffile%3D%252FNEW%252Fcat-kanva-aida-yeidam-south-korea.jpg%26x%3D64%26y%3D64&container=docs&gadget=a&rewriteMime=image%2F*&refresh=900 net::ERR_FAILED

Apache logs
In error.log there are no errors.
In access.log only successful accesses with code 200.

CORS1
CORS11322×1414 686 KB

CORS:

  1. I tried to enable CORS on this article, but it didn’t help.
  1. I tried to enable CORS by adding Google Chrome, but it did not help.

Steps to replicate it:

  1. Open sharing on the folder with the pictures and copy the link
    https://example.com/s/tkHsb6WsDaBmJ3H?path=%2F

  2. Insert a unique name for the shared folder and image name in the Google formula Calc
    =IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-1.jpg&x=64&y=64”);4;64;64)

  3. Need 20 different images, and stretch the formula to 20 cells that would demonstrate the problem.

formuls

=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-1.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-2.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-3.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-4.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-5.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-6.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-7.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-8.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-9.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-10.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-11.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-12.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-13.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-14.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-15.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-16.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-17.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-18.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-19.jpg&x=64&y=64”);4;64;64)
=IMAGE(CONCATENATE(“https://example.com/apps/files_sharing/publicpreview/tkHsb6WsDaBmJ3H?file=%2Fimage-name-20.jpg&x=64&y=64”);4;64;64)

MY CONFIGS:

apache2.conf

$ cat /etc/apache2/apache2.conf | grep -v -E "#|^$" 
$ cat /etc/apache2/apache2.conf | grep -v -E "#|^$"

DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

VHOST HTTP

$ cat /etc/apache2/sites-enabled/nextcloud.conf | grep -v -E "#|^$" 
$ cat /etc/apache2/sites-enabled/nextcloud.conf | grep -v -E "#|^$"

<Directory /ncloud/nextcloud/>
  Options +FollowSymlinks
  AllowOverride All
  Require all granted
 <IfModule mod_dav.c>
  Dav off
 </IfModule>
 SetEnv HOME /ncloud/nextcloud
 SetEnv HTTP_HOME /ncloud/nextcloud
</Directory>
<VirtualHost *:80>
    ServerAdmin email@example.com
    DocumentRoot /ncloud/nextcloud
    ServerName example.com
    ErrorLog ${APACHE_LOG_DIR}/example.com.info-error_log
    CustomLog ${APACHE_LOG_DIR}/example.com.info-access_log common
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

VHOST HTTPS

$ cat /etc/apache2/sites-enabled/nextcloud-le-ssl.conf | grep -v -E "#|^$" 
$ cat /etc/apache2/sites-enabled/nextcloud-le-ssl.conf | grep -v -E "#|^$"

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    ServerAdmin      email@example.com
    DocumentRoot /ncloud/nextcloud
    ServerName example.com
    ErrorLog ${APACHE_LOG_DIR}/example.com.info-error_log
    CustomLog ${APACHE_LOG_DIR}/example.com.info-access_log common
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder     on
SSLCompression          off
SSLSessionTickets       off
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)

HTACCESS

# cat /ncloud/nextcloud/.htaccess | grep -v -E "#|^$" 
# cat /ncloud/nextcloud/.htaccess | grep -v -E "#|^$"

<IfModule mod_headers.c>
  <IfModule mod_setenvif.c>
    <IfModule mod_fcgid.c>
       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
  </IfModule>
  <IfModule mod_env.c>
    Header always set Referrer-Policy "no-referrer"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Download-Options "noopen"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header always set X-Robots-Tag "none"
    Header always set X-XSS-Protection "1; mode=block"
    SetEnv modHeadersAvailable true
  </IfModule>
  <FilesMatch "\.(css|js|svg|gif)$">
    Header set Cache-Control "max-age=15778463"
  </FilesMatch>
  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
</IfModule>
<IfModule mod_php7.c>
  php_value mbstring.func_overload 0
  php_value default_charset 'UTF-8'
  php_value output_buffering 0
  <IfModule mod_env.c>
    SetEnv htaccessWorking true
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} DavClnt
  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
  RewriteRule ^\.well-known/host-meta /public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
    RewriteRule ^remote/(.*) remote.php [QSA,L]
  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule ^(?:\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
</IfModule>
<IfModule mod_mime.c>
  AddType image/svg+xml svg svgz
  AddEncoding gzip svgz
</IfModule>
<IfModule mod_dir.c>
  DirectoryIndex index.php index.html
</IfModule>
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
  ModPagespeed Off
</IfModule>
ErrorDocument 403 //
ErrorDocument 404 //
<IfModule mod_rewrite.c>
  Options -MultiViews
  RewriteRule ^core/js/oc.js$ index.php [PT,E=PATH_INFO:$1]
  RewriteRule ^core/preview.png$ index.php [PT,E=PATH_INFO:$1]
  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff2?|ico|jpg|jpeg|map|webm|mp4)$
  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
  RewriteCond %{REQUEST_FILENAME} !core/img/manifest.json$
  RewriteCond %{REQUEST_FILENAME} !/remote.php
  RewriteCond %{REQUEST_FILENAME} !/public.php
  RewriteCond %{REQUEST_FILENAME} !/cron.php
  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
  RewriteCond %{REQUEST_FILENAME} !/status.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
  RewriteCond %{REQUEST_FILENAME} !/robots.txt
  RewriteCond %{REQUEST_FILENAME} !/updater/
  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
  RewriteCond %{REQUEST_FILENAME} !/ocm-provider/
  RewriteCond %{REQUEST_URI} !^/\.well-known/(acme-challenge|pki-validation)/.*
  RewriteRule . index.php [PT,E=PATH_INFO:$1]
  RewriteBase /
  <IfModule mod_env.c>
    SetEnv front_controller_active true
    <IfModule mod_dir.c>
      DirectorySlash off
    </IfModule>
  </IfModule>
</IfModule>
2

Looks like you have few files opened successfully and few not. It is strange that you can’t see 403 in apache access logs. Could be that it is rejected by e.g. Google.

Did you check nextcloud logs? May be it is rejecting.

You have to check if all problem files are accessible via direct link from your forms ( https://example.com/apps/files_sharing/publicpreview/ tkHsb6WsDaBmJ3H ?file=%2F image-name-1.jpg &x=64&y=64) in browser first.

P.S.: Why you are using previews? Could be that exact this size preview is not generated jet. You could simply enter full images with ..index.php/s/tkHsb6WsDaBmJ3H/download ?path=/&file=image-name-4.jpg.

3

May be.

In nextcloud logs no errors.

Yes, direct link all OK.

Preview image is smaller in size and faster loading. I have a few thousand rows and a table full of images loaded very long, and generate the preview are not wanted, and until recently everything seems to be working. And now generally ceased to be loaded thumbnails … after experimentation, although I brought it all back.

Yesterday I wrote an appeal to Google, but I doubt they will answer me.