Your company has an application running on App Engine that allows users to upload music files and share them with other people. You want to allow users to upload files directly into Cloud Storage from their browser session. The payload should not be passed through the backend. What should you do?
To allow users to upload files directly into Cloud Storage from their browser session without passing the payload through the backend, you need to set a CORS (Cross-Origin Resource Sharing) configuration in the target Cloud Storage bucket. This will enable your App Engine application to interact with the Cloud Storage bucket. Additionally, using the Cloud Storage Signed URL feature will generate a temporary POST URL, which allows users to upload files directly to Cloud Storage, ensuring that the payload does not pass through the backend and maintains security with time-limited access.
It should be A. Since it is stated that the payload should not passed from the backend and be send directly to the bucket, then a CORS configuration should be set to the bucket.
Not sure is A or C. I will go with C. https://cloud.google.com/blog/products/storage-data-transfer/uploading-images-directly-to-cloud-storage-by-using-signed-url
There is no any relationship between App engine application and cloud storage. You need bind them.
A: https://cloud.google.com/storage/docs/cross-origin#server-side-support "Cloud Storage supports this specification by allowing you to configure your buckets to support CORS. Continuing the above example, you can configure the example.storage.googleapis.com bucket so that a browser can share its resources with scripts from example.appspot.com."
Signed URL is for TIme-Based access. This needs access all the time.
C is the Answer. https://cloud.google.com/storage/docs/cross-origin
if its cross-origin. Then why C is answer? Shouldn't it be A
https://cloud.google.com/blog/products/storage-data-transfer/uploading-images-directly-to-cloud-storage-by-using-signed-url
The correct answer is A
I'm also not sure either A or C. But in my PCA exam today, I choose C. And I have passed.
It's between A and C. But if you select C then you have to justify the use of "Use App Engine default credentials to sign requests against Cloud Storage. " hence go with option A.
I would go for A as per its definition and it works good that way
A. 1. Set a CORS configuration in the target Cloud Storage bucket where the base URL of the App Engine application is an allowed origin. 2. Use the Cloud Storage Signed URL feature to generate a POST URL. Here's why this approach is most suitable: • CORS configuration: This allows cross-origin requests from your App Engine application to access the Cloud Storage bucket for uploads. Setting the App Engine base URL as an allowed origin ensures secure communication. • Cloud Storage Signed URL: This feature generates a temporary URL with specific permissions and expiration time. You can provide this signed URL to the user's browser for uploading files directly to Cloud Storage. The payload (music file) doesn't pass through your backend, reducing server load.