Amazon S3 映像 CORS 问题
[英]Amazon S3 image CORS issue
问题描述
' from origin ' http://example.com ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 
' from origin ' http://example.com ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://example.com ' is therefore not allowed access.因此,不允许访问原点“ http://example.com ”。
I am using amazon cloudfront for CDN.我正在为 CDN 使用亚马逊 cloudfront。 can someone please tell me why i am still not able to see Access-Control-Allow-Origin:"*"?有人可以告诉我为什么我仍然看不到 Access-Control-Allow-Origin:"*" 吗?
MY S3 cors MY S3 cors
3 个解决方案
解决方案1
5 已采纳 2018-04-27 06:56:14
This is my setup, you need both edit the CORS in S3 as well in the CloudFront这是我的设置,您需要在 S3 中以及在 CloudFront 中编辑 CORS
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
I don't know if it's part of the protocol, but it's the only way I could set up for a CORS call我不知道它是否是协议的一部分,但这是我为 CORS 调用设置的唯一方法
you also need to whitelist the Origin of your CDN behavior您还需要将 CDN 行为的Origin列入白名单
like:喜欢:
解决方案2
2 2021-05-10 15:41:37
I'm writing this answer cause I was stuck in the issue for almost a day.我写这个答案是因为我被这个问题困了将近一天。
Add CORS permission on AWS S3在 AWS S3 上添加 CORS 权限
- Open the specific bucket.打开特定的存储桶。
- Then click on the permission tab on the top然后点击上方的权限标签
- Then scroll to the last, and you will find the CORS configuration.然后滚动到最后,你会发现CORS配置。 Just click on edit.只需点击编辑。
- Then paste the below configuration in然后将以下配置粘贴到
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
- You can also add your custom domains inside AllowedOrigin您还可以在 AllowedOrigin 中添加自定义域
Remove cache from API call从 API 调用中删除缓存
I have done the above change but still, I was facing the same issue again and again.我已经完成了上述更改,但仍然一次又一次地面临同样的问题。 I fixed that by disabling the cache of the API.我通过禁用 API 的缓存来解决这个问题。 I was using fetch to call the s3 URL.我正在使用fetch来调用 s3 URL。 Below is the code for it.下面是它的代码。
fetch(
<s3 URL>,
{
method: 'GET',
headers: { "Cache-Control": 'no-cache' },
}
)
解决方案3
0 2022-08-15 16:45:54
We need to set CORS headers in the Permissions tab, as mentioned by Anand Tripathi in the above answer.我们需要在Permissions选项卡中设置 CORS 标头,如Anand Tripathi在上述答案中所述。
But also from the server side, we need to set some headers like below as mentioned in the MDN docs .但同样从服务器端,我们需要像MDN 文档中提到的那样设置一些如下所示的标头。
res.header("Vary", "Origin");
res.header("Access-Control-Allow-Origin", req.get("origin") || req.get("host"));
res.header("Access-Control-Allow-Credentials", "true");
res.header("Access-Control-Allow-Headers", "*");
res.header("Access-Control-Allow-Methods", "*");
the above example is for NodeJs-Express.上面的例子是针对 NodeJs-Express 的。
The above headers are validated by the browser, by calling the OPTIONS rest API method, so make sure to send them in response.上述标头由浏览器通过调用 OPTIONS rest API 方法进行验证,因此请务必将它们作为响应发送。
Note:- res.header("Access-Control-Allow-Origin", "*") won't work, it'll result in the cors error, so we need to set the exact origin
In my case ( NodeJs-ExpressJs ), I was using like below,就我而言( NodeJs-ExpressJs ),我使用如下所示,
const cors = (req, res, next) => {
res.header("Vary", "Origin");
res.header("Access-Control-Allow-Origin", req.get("origin") || req.get("host"));
res.header("Access-Control-Allow-Credentials", "true");
res.header("Access-Control-Allow-Headers", "*");
res.header("Access-Control-Allow-Methods", "*");
next();
};
app. use(cors);// as a middleware // the cors headers will be set in every response.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.