Microsoft Azure云存储上的Cors错误
[英]Cors Error on Microsoft Azure Cloud Storage
问题描述
Hello I am having a Cors Error on Microsoft Azure Cloud Storage. 
您好,我在Microsoft Azure云存储上出现Cors错误。
I am generating my SAS as follows: 我正在生成我的SAS,如下所示:
public SAS(string containername, string id, SharedAccessBlobPermissions permissions)
{
this.id = id;
CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
CloudBlobContainer containerReference = cloudStorageAccount.CreateCloudBlobClient().GetContainerReference("teeessssttt");
if (containerReference.CreateIfNotExists(null, null))
{
BlobConfig.configureCORS();
}
CloudBlockBlob blockBlobReference = containerReference.GetBlockBlobReference(id);
SharedAccessBlobPolicy sharedAccessBlobPolicy = new SharedAccessBlobPolicy()
{
Permissions = permissions
};
DateTime utcNow = DateTime.UtcNow;
sharedAccessBlobPolicy.SharedAccessStartTime = new DateTimeOffset?(utcNow.AddMinutes(-5));
DateTime dateTime = DateTime.UtcNow;
sharedAccessBlobPolicy.SharedAccessExpiryTime = new DateTimeOffset?(dateTime.AddMinutes(15));
string sharedAccessSignature = blockBlobReference.GetSharedAccessSignature(sharedAccessBlobPolicy);
this.HostingSite = blockBlobReference.Uri.AbsoluteUri;
this.Token = sharedAccessSignature;
this.fullurl = string.Concat(this.HostingSite, this.Token);
}
This generates something like: 这会产生类似以下内容:
{"fullurl":"https://ingenovatebeta.blob.core.windows.net/teeessssttt/7554eb72-f361-4715-a255-a5d6922706b0?sv=2013-08-15&sr=b&sig=iVL4zeytgC1H7W09lV2YZspOKlzF433oqsx9I6cfI68%3D&st=2014-10-24T05%3A58%3A13Z&se=2014-10-24T06%3A18%3A13Z&sp=w","HostingSite":"https://ingenovatebeta.blob.core.windows.net/teeessssttt/7554eb72-f361-4715-a255-a5d6922706b0","id":"7554eb72-f361-4715-a255-a5d6922706b0","Token":"?sv=2013-08-15&sr=b&sig=iVL4zeytgC1H7W09lV2YZspOKlzF433oqsx9I6cfI68%3D&st=2014-10-24T05%3A58%3A13Z&se=2014-10-24T06%3A18%3A13Z&sp=w"}
I am setting up my cors as follows: 我按以下步骤设置我的核心:
CorsRule corsRule = new CorsRule();
corsRule.AllowedOrigins.Add("https://---------------.com");
corsRule.AllowedMethods = CorsHttpMethods.Get | CorsHttpMethods.Post | CorsHttpMethods.Put |
CorsHttpMethods.Options;
corsRule.AllowedHeaders.Add("*");
corsRule.ExposedHeaders.Add("*");
corsRule.MaxAgeInSeconds = (int)TimeSpan.FromDays(5).TotalSeconds;
corsRules.Add(corsRule);
serviceProperty.Cors = corsProperty;
This works when I upload files just to the GUID. 当我仅将文件上传到GUID时,此方法有效。 For example setting my upload URI like the following works: 例如,如下所示设置我的上传URI:
$.get("/api/sas", (function (json) {
var baseUrl = json.fullurl;
myDropzone.options.url = baseUrl;
myDropzone.processFile(file);
}));
However all my files end up in my cloud storage as just the GUID's and no file names or extensions this makes it hard to retrieve the images and such. 但是,我所有的文件都以GUID的形式保存在我的云存储中,而没有文件名或扩展名,这使得检索图像等困难。 In the examples the show you can add a filename. 在示例显示中,您可以添加文件名。 I have followed the examples: 我遵循了以下示例:
$.get("/api/sas", (function (json) {
var baseUrl = json.fullurl;
var indexOfQueryStart = baseUrl.indexOf("?");
submitUri = baseUrl.substring(0, indexOfQueryStart) + '/' + file.name + baseUrl.substring(indexOfQueryStart);
myDropzone.options.url = submitUri;
myDropzone.processFile(file);
}));
However it does not work. 但是,它不起作用。 At this point I get a CORS error: 此时,我收到一个CORS错误:
XMLHttpRequest cannot load https://myurl/mycontainer/82b7f14b-ee7c-45a3…2B%2BmtAJw%3D&st=2014-10-23T04%3A34%3A22Z&se=2014-10-23T04%3A54%3A22Z&sp=w. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://stagingrapidrealities.azurewebsites.net' is therefore not allowed access. The response had HTTP status code 403.
1 个解决方案
解决方案1
1 已采纳 2014-10-24 06:35:33
I think I know what's happening. 我想我知道发生了什么事。 Basically there's nothing wrong with your CORS Settings. 基本上,您的CORS设置没有问题。 They are perfectly fine. 他们很好。 The problem is with your SAS. 问题出在您的SAS。
What is happening is that you're creating a SAS on the blob (blob's name is 7554eb72-f361-4715-a255-a5d6922706b0 ). 发生的事情是您正在blob上创建SAS(blob的名称为7554eb72-f361-4715-a255-a5d6922706b0 )。 What that means is that the signature computed includes this blob name. 这意味着计算出的签名包括该Blob名称。 Then when you are uploading the file you're changing the blob name by appending file name ( clown.jpg ) to the URL. 然后,当您上传文件时,您通过将文件名( clown.jpg )附加到URL来更改Blob名称。 This essentially made SAS signature invalid and thus you're getting 403 error. 这实际上使SAS签名无效,因此您将收到403错误。
There are two ways by which you can fix this issue: 有两种方法可以解决此问题:
- Calculate SAS on blob based on the actual file which you're uploading : In this case, when a user selects a file in your application, you pass the blob name to your server and let it return the SAS URL for that file back and you use just that. 根据要上传的实际文件在blob上计算SAS :在这种情况下,当用户在应用程序中选择文件时,您会将blob名称传递给服务器,并让其返回该文件的SAS URL,然后使用它。 This is the reason your code worked when you're uploading files using GUID. 这就是使用GUID上传文件时代码起作用的原因。
- Calculate SAS on the container : Instead of computing SAS on the blob, you do it on the container instead of a blob. 在容器上计算SAS:而不是在Blob上计算SAS,而是在容器而不是Blob上执行。 The process remains the same. 该过程保持不变。 The difference you will notice is in the SAS URL where
srwould bec(meaning container) instead ofb(meaning blob).您将注意到的区别是在SAS URL中,其中sr为c(表示容器)而不是b(表示blob)。 Then you would use the same approach for deriving thesubmitUrl(ie finding the index of?and inserting file name there).然后,您将使用相同的方法派生submitUrl(即,找到?的索引并在其中插入文件名)。
My recommendation would be to go with #2 because it would result in lesser calls to your server. 我的建议是选择#2,因为这样可以减少对服务器的调用。 On your upload page, you just calculate SAS on container just once and then keep on inserting file names as and when a user selects a file and upload them. 在上传页面上,您只需在容器上计算一次SAS,然后在用户选择文件并上传时继续插入文件名。 In fact we're using this approach in one of the products I'm working on. 实际上,我们在正在开发的其中一种产品中使用了这种方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.