[英]Cross-Origin Resource Sharing (Access-Control-Allow-Origin header) Rackspace Cloudfiles CDN
I am getting the following error on our live site in Chrome due to embedded font files in CSS all on our rackspace CDN: 由于CSS中的嵌入式字体文件全部位于我们的rackspace CDN上,因此我在Chrome中的实际网站上收到以下错误:
Font from origin ' https://aaa-aaa.ssl.cf3.rackcdn.com ' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 来自“ https://aaa-aaa.ssl.cf3.rackcdn.com ”的字体已被跨源资源共享策略阻止加载:请求的资源上没有“Access-Control-Allow-Origin”标头。 Origin ' https://www.mysite.co.uk ' is therefore not allowed access. 因此,不允许访问“ https://www.mysite.co.uk ”。
How do I add the Access-Control-Allow-Origin header on to the response when GETting these files from the CDN? 从CDN获取这些文件时,如何在响应中添加Access-Control-Allow-Origin标头?
Finally worked this out from the docs and some help from the Rackspace crew. 最后,从文档和Rackspace工作人员的帮助中解决了这个问题。
Importantly, for CDN enabled containers containing only CDN files, there is no point adjusting the container's meta-headers. 重要的是,对于仅包含CDN文件的启用CDN的容器,没有必要调整容器的元标题。 These are only inherited by files not on the CDN. 这些仅由不在CDN上的文件继承。
I had to adjust the response headers on the font files themselves. 我不得不调整字体文件本身的响应头。 Unfortunately this is only currently supported through the API and I used curl from the command line in Windows 7. 不幸的是,目前只支持API,我在Windows 7中使用了命令行中的curl。
First step is to authenticate: 第一步是验证:
curl -d "{\"auth\":{\"RAX-KSKEY:apiKeyCredentials\":{\"username\":\"my_username\",\"apiKey\":\"my_api_key\"}}}" -H "Content-Type: application/json" "https://identity.api.rackspacecloud.com/v2.0/tokens"
Then extract the id
of the token
from the response and the publicURL
of the endpoint
related to cloudFiles
. 然后从响应中提取token
的id
以及与publicURL
相关的endpoint
cloudFiles
。 I copied the response to Notepad++ and searched for token
and cloudfiles
respectively. 我将响应复制到Notepad ++并分别搜索token
和cloudfiles
。
I tried adjusting the headers with the following command: 我尝试使用以下命令调整标头:
curl -i -XPOST -H "x-auth-token: my-auth-token" -H "Access-Control-Expose-Headers: Access-Control-Allow-Origin" -H "Access-Control-Allow-Origin: *" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
Did it work? 它有用吗?
I got a HTTP/1.1 2xx
response and checked it worked with: 我得到了一个HTTP/1.1 2xx
响应,并检查它是否适用于:
curl -i -XGET -H "X-Auth-Token: my-auth-token" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
Unfortunately you have to wait for the file's TTL to expire, or purge it to see a live result. 不幸的是,您必须等待文件的TTL过期,或清除它以查看实时结果。 When I did this it was taking over a day to do an edge purge. 当我这样做时,花了一天时间进行边缘净化。 I checked the live version with: 我检查了实时版本:
curl -i -XGET https://live-version-container-hash.ssl.cf3.rackcdn.com/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
I settled on adding a version to my file and adding the headers during the upload: 我决定在我的文件中添加一个版本并在上传过程中添加标题:
curl -i -XPUT -H "x-auth-token: my-auth-token" -H "Access-Control-Expose-Headers: Access-Control-Allow-Origin" -H "Access-Control-Allow-Origin: *" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons1.0.0.ttf -T my-site-icons.tff
Performed from my local directory where the file my-site-icons.tff
was located 从my my-site-icons.tff
文件所在的本地目录执行
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.