Fatal编程技术网
  • amazon-s3/
  • Amazon s3 AmazonS3和CORS需要什么配置?

Amazon s3 AmazonS3和CORS需要什么配置?

amazon-s3 cors

Amazon s3 AmazonS3和CORS需要什么配置?,amazon-s3,cors,Amazon S3,Cors,据我所知,让s3返回访问控制允许源站标题所需的唯一配置是设置CORS策略并发送源站标题 以下是我的CORS政策: <?xml version="1.0" encoding="UTF-8"?> <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <CORSRule> <AllowedOrigin>*</AllowedOrigin>

据我所知,让s3返回
访问控制允许源站
标题所需的唯一配置是设置CORS策略并发送
源站
标题

以下是我的CORS政策:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>
我得到了以下标题的响应:

Accept-Ranges →bytes
Cache-Control →public
Content-Length →893
Content-Type →image/png
Date →Thu, 09 Jan 2014 22:27:20 GMT
ETag →"5345e98a3abcb1057d1a427551d8d702"
Last-Modified →Thu, 09 Jan 2014 19:27:56 GMT
Server →AmazonS3
x-amz-id-2 →2AFNGowXCkLUJa09ZNERXqzxn5IwnygTKCXut0m0gvpapjxXn/kAPYQNvv4pYvVy
x-amz-request-id →71B183AF938A075D
据我所知,
Access Control Allow Origin
头应该包含在这个响应中。我错过了什么

编辑:

这就是我所缺少的:我使用的是邮递员浏览器扩展。Chrome会在发出请求时清理源文件头,即使来自扩展。它抛出错误
拒绝设置不安全的标题“Origin”
,我错过了这个错误

我们可以通过curl看到这实际上是有效的:

curl -H "Origin: https://www.test.com" -I "https://dta-test.s3.amazonaws.com/dots.png" -s
HTTP/1.1 200 OK
x-amz-id-2: NnRAOdCOpMCtZ8Jk1bpnuRASb0K/gzM0Vv/6D28C6grcbEZoe2OC0cuu3SMwDaXe
x-amz-request-id: 70110890812CAC58
Date: Thu, 09 Jan 2014 23:03:41 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Cache-Control: public
Last-Modified: Thu, 09 Jan 2014 19:27:56 GMT
ETag: "5345e98a3abcb1057d1a427551d8d702"
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 893
Server: AmazonS3
如果您在响应中未收到ACAO标头,则您的请求不包含原始标头。你需要仔细考虑你的请求。我不确定您是如何检查标题的。我使用的是Postman Chrome扩展。如果您是通过Postman人工添加原始标题,Chrome将忽略这一点。如果您打开开发工具,您可能会看到实际发送的请求不包含源标题。谢谢。就这样。 
curl -H "Origin: https://www.test.com" -I "https://dta-test.s3.amazonaws.com/dots.png" -s
HTTP/1.1 200 OK
x-amz-id-2: NnRAOdCOpMCtZ8Jk1bpnuRASb0K/gzM0Vv/6D28C6grcbEZoe2OC0cuu3SMwDaXe
x-amz-request-id: 70110890812CAC58
Date: Thu, 09 Jan 2014 23:03:41 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Cache-Control: public
Last-Modified: Thu, 09 Jan 2014 19:27:56 GMT
ETag: "5345e98a3abcb1057d1a427551d8d702"
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 893
Server: AmazonS3