Gcloud-node - How Do I Ensure That Files Uploaded To Google Cloud Storage Via Signed Urls Are Publicly Readable?

I want to allow clients (JavaScript in browser) to upload files to Google Cloud Storage, something I currently accomplish by generating signed URLs. However, the uploaded files are

Solution 1:

Controlling file ACLs is handled via the header x-goog-acl, which must also be included when calculating the signed URL. For public readability, use the value public-read.

Example client side code:

let request = new XMLHttpRequest()
request.onreadystatechange = () => {
  if (request.readyState === XMLHttpRequest.DONE) {
    if (request.status === 200) {
      console.log(`Google Cloud Storage upload was successful:`, request.responseText)
    } else {
      console.log(`Google Cloud Storage upload was not successful: ${request.status}`)
    }
  }
}

request.open('PUT', signedUrl, true)
// Don't care about content-type header for signature calculation
request.setRequestHeader('content-type', 'ignore')
request.setRequestHeader('x-goog-acl', 'public-read')
request.send(file)

Example server side code (for getting signed URL):

let gcloud = require('gcloud')
let moment = require('moment')

let gcs = gcloud.storage({
  projectId: process.env.GCLOUD_PROJECT_ID,
  credentials: {
    client_email: process.env.GCLOUD_CLIENT_EMAIL,
    private_key: process.env.GCLOUD_PRIVATE_KEY,
  },
})

let bucket = gcs.bucket('aBucket')
let cloudFile = bucket.file('aFile')
cloudFile.getSignedUrl({
  action: 'write',
  expires: moment.utc().add(1, 'days').format(),
  contentType: 'ignore',
  extensionHeaders: {'x-goog-acl': 'public-read',},
}, (error, signedUrl) => {
  if (error != null) {
    console.log(`Failed to obtain signed URL for file`)
  } else {
    console.log(`Got signed URL for file: ${signedUrl}`)
  }
})