Amazon S3 图像获取 CORS Chrome 中的错误/错误,Firefox 中没有错误
[英]Amazon S3 image fetching CORS Error/Bug in Chrome, no errors in Firefox
问题描述
There's a bug or error, which might very well be fixable with configuration options in Amazon S3 when fetching images.
有一个错误或错误,在获取图像时很可能可以通过 Amazon S3 中的配置选项修复。 I've seen a reference about this in Stack Overflow and the AWS Forums .我在Stack Overflow和AWS Forums中看到了关于此的参考。 What most of those didn't do is make it easy to replicate, which the fiddles below should, so this is easy to visualize.大多数人没有做的是让它易于复制,下面的小提琴应该这样做,所以这很容易想象。
Here is a JS Fiddle that connects to an image in our current instance:这是一个连接到我们当前实例中的图像的 JS Fiddle:
http://jsfiddle.net/02nojg8w/ http://jsfiddle.net/02nojg8w/
As you can see inside the <img> tag, the image can be fetched normally, even inside Chrome.正如您在<img>标签内看到的那样,即使在 Chrome 中也可以正常获取图像。 However, when you try to Convert via Canvas or Filereader it will not work, throwing the following errors:但是,当您尝试通过 Canvas 或 Filereader 进行转换时,它将不起作用,并抛出以下错误:
Canvas Canvas
Image from origin 'https://siga-pmx.s3.amazonaws.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://fiddle.jshell.net' is therefore not allowed access.
File Reader文件阅读器
XMLHttpRequest cannot load https://siga-pmx.s3.amazonaws.com/digitalization/1448213569280_saya_pixel.png. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://fiddle.jshell.net' is therefore not allowed access.
Essentially when loading images with a request from Chrome and Chromium in Windows systems the request will fail, it also fails in Microsoft Edge.本质上,当在 Windows 系统中使用来自 Chrome 和 Chromium 的请求加载图像时,请求将失败,在 Microsoft Edge 中也会失败。 I've confirmed this with multiple Windows 7, and Windows 10 machines.我已经用多台 Windows 7 和 Windows 10 机器确认了这一点。 But on those same machines if you use Firefox to do the same request it will work.但是在这些相同的机器上,如果您使用 Firefox 来执行相同的请求,它将起作用。 A friend could not replicate this on OS X Chrome/Chromium.朋友无法在 OS X Chrome/Chromium 上复制它。
The initial configuration we were using was this:我们使用的初始配置是这样的:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
And after trying some Stack Overflow answers dealing with something similar we switched to this:在尝试了一些处理类似问题的 Stack Overflow 答案后,我们切换到这个:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
You might think maybe it's a browser-wide issue, however, if we use the same JSFiddle with an image from, for example, Wikimedia commons it will work on Chrome and Edge, see the JS Fiddle below.您可能认为这可能是浏览器范围的问题,但是,如果我们将相同的 JSFiddle 与来自维基共享资源的图像一起使用,它将在 Chrome 和 Edge 上运行,请参阅下面的 JS Fiddle。
http://jsfiddle.net/hy4wxggx/ http://jsfiddle.net/hy4wxggx/
How should our CORS configuration look if we want to fix this issue?如果我们想解决这个问题,我们的 CORS 配置应该如何? Or another option for a viable answer is: How would we edit our Canvas JavaScript method so that it properly fetches these images?或者另一个可行答案的选择是:我们如何编辑我们的 Canvas JavaScript 方法,以便它正确地获取这些图像?
2 个解决方案
解决方案1
2 已采纳 2015-11-23 19:15:55
Managed to fix this.设法解决了这个问题。 First I changed the S3 CORS configuration to the following:首先,我将 S3 CORS 配置更改为以下内容:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Allowing any Header, and then I switched the URL we use to access the files from 'https' to 'http'.允许任何标题,然后我将用于访问文件的 URL 从“https”切换为“http”。
Https will still throw the errors even with the above configuration, it's essential to use http.即使使用上述配置,Https 仍然会抛出错误,使用 http 是必不可少的。
After that everything works in Chrome/Chromium.之后,一切都在 Chrome/Chromium 中运行。
解决方案2
0 2022-05-16 17:16:08
For safari fix, Add head in allow method in cors configuration for s3 bucket.对于 safari 修复,在 s3 存储桶的 cors 配置中的 allow 方法中添加 head。 so it looks like this所以它看起来像这样
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://www.example.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.