AWS CloudFront Access-Control-Allow-Origin and Signed Cookie/Urls
I'm stuck with CORS at S3 + Cloudfront + Signed URLs.
My use cases are:
First story (successful):
I have an Amazon S3 bucket with a Cloudfront. Files are accessible by the DOMAIN1/file link.
I wrote a simple test JS script to get a file from DOMAIN1 and put it at DOMAIN2/test.html.
Second case (successful too):
Third case (failed):
... put into the DOMAIN2/test.html test script: No 'Access-Control-Allow-Origin' header error. So Cloudfront is not sending a header in case of restricted distribution.
CORS xml is:
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>10</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
It must be some issue in the CloudFront/S3/IAM settings. How can I fix it?
Seems like a solution was to set up correct access rights to the S3 bucket. Instead of the "Everyone" access, you need "Any AWS authenticated user" or "Cloudfront appropriate user".
I went to Cloudfront Distributions -> MYPRIVATECLOUDFRONTID -> Behaviors and added the following:
Path Pattern = path/to/my/file.ext
Forward Headers = Whitelist
And added to Whitelist Header: Origin
Don't forget to uncheck the option Restrict Viewer Access (Use Signed URLs or Signed Cookies) - for me, it was marked to not restrict even though I have marked the whole cache to be restricted.
My next step is to automatically set this whitelist on demand.
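
As an added example (not part of the original question or answers): a Python check over the JSON shape returned by `aws cloudfront get-distribution-config`, reporting cache behaviors that do not forward the Origin header and path-specific behaviors left unrestricted under a restricted default, the state the last answer describes. It assumes the legacy ForwardedValues settings ("Forward Headers = Whitelist"); the sample config is constructed and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws cloudfront get-distribution-config`
# output (legacy ForwardedValues settings); the path is the answer's placeholder.
SAMPLE = json.loads("""
{"DistributionConfig": {
  "DefaultCacheBehavior": {
    "TrustedSigners": {"Enabled": true, "Quantity": 1, "Items": ["self"]},
    "ForwardedValues": {"Headers": {"Quantity": 0}}},
  "CacheBehaviors": {"Quantity": 1, "Items": [{
    "PathPattern": "path/to/my/file.ext",
    "TrustedSigners": {"Enabled": false, "Quantity": 0},
    "ForwardedValues": {"Headers": {"Quantity": 1, "Items": ["Origin"]}}}]}}}
""")

def is_restricted(behavior):
    """True when the behavior requires signed URLs or signed cookies."""
    return any(behavior.get(k, {}).get("Enabled", False)
               for k in ("TrustedSigners", "TrustedKeyGroups"))

def forwards_origin(behavior):
    """True when the Origin request header reaches S3 (needed for CORS headers).
    Assumption: behaviors using cache/origin-request policies are not inspected."""
    items = behavior.get("ForwardedValues", {}).get("Headers", {}).get("Items", [])
    return any(h.lower() == "origin" or h == "*" for h in items)

def audit(config):
    """Return (path, finding) pairs for every cache behavior in the distribution."""
    dist = config["DistributionConfig"]
    default = dist["DefaultCacheBehavior"]
    behaviors = [("(default)", default)]
    behaviors += [(b["PathPattern"], b)
                  for b in dist.get("CacheBehaviors", {}).get("Items", [])]
    findings = []
    for path, b in behaviors:
        if not forwards_origin(b):
            findings.append((path, "Origin not forwarded: no CORS headers from S3"))
        if is_restricted(default) and not is_restricted(b):
            findings.append((path, "viewer access unrestricted under a restricted default"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

A path reported as unrestricted is served without a signed URL or cookie, so the report lists exactly which objects are publicly readable through the distribution.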