堆栈内存溢出
  简体   繁体   English

CORS 使用 S3 Bucket 和 CloudFront 的严格来源

[英]CORS Strict Origin using S3 Bucket and CloudFront

 原文  2022-09-18 16:44:01       amazon-web-services/ amazon-s3/ cors/ amazon-cloudfront

问题描述

I'm using a S3 Bucket with a CloudFront distribution on a sub domain but I get strict-origin-when-cross-origin on a GET request.我在子域上使用带有 CloudFront 分布的 S3 存储桶,但我在 GET 请求中得到了 strict-origin-when-cross-origin。 I can't see what I've done wrong so any help is greatly appreciated.我看不出我做错了什么,所以非常感谢任何帮助。 My website url is https://www.project1.tompenn.co.uk/ And my content url is https://content.tompenn.co.uk/TFTSet7_2/traits.json我的网站 url 是https://www.project1.tompenn.co.uk/我的内容 url 是https://content.tompenn.co.uk/TFTSet7_2/traits.json

Developer Console on my website is throwing the error: Access to fetch at 'https://content.tompenn.co.uk/TFTSet7/traits.json' from origin 'https://www.project1.tompenn.co.uk' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.我网站上的开发人员控制台抛出错误: Access to fetch at 'https://content.tompenn.co.uk/TFTSet7/traits.json' from origin 'https://www.project1.tompenn.co.uk' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

在此处输入图像描述

Here is the CORS policy on my S3 Bucket:这是我的 S3 存储桶上的 CORS 政策: 在此处输入图像描述

Here is how my CloudFront Distribution is setup.以下是我的 CloudFront Distribution 的设置方式。 I only have the one behaviour and this is the config for it:我只有一种行为,这是它的配置: 在此处输入图像描述 在此处输入图像描述

2 个解决方案

解决方案1
 0  2022-09-18 17:10:56

Okay changing this option seems to have solved my issue.好的,更改此选项似乎解决了我的问题。 在此处输入图像描述

解决方案2
 0  2023-01-14 04:51:04

I had a very similar issue and after hours of banging my head against the wall I found that something with Chrome's HTTP caching mechanism prevents the Origin header from being sent.我遇到了一个非常相似的问题,在用头撞墙数小时后,我发现 Chrome 的 HTTP 缓存机制阻止了Origin header 的发送。 This is a Chrome-specific issue as I could not reproduce it with Safari. You can check whether this is the case for you as well by toggling the "Disable Cache" option under the Network tab of Chrome developer tools .这是一个特定于 Chrome 的问题,因为我无法使用 Safari 重现它。您可以通过切换Chrome 开发人员工具的网络选项卡下的“禁用缓存”选项来检查您是否也是这种情况。

To force your request to ignore the cache, use appropriate cache option ( documentation ).要强制您的请求忽略缓存,请使用适当的cache选项(文档)。 This is my final working code:这是我的最终工作代码:

fetch(url, {
  method: 'GET',
  mode: 'cors',
  cache: 'no-store', // for some reason Chrome's caching doesn't send Origin
})

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用ansible剧本创建一个Origin是S3存储桶的Cloudfront发行版 - Create a Cloudfront Distribution that Origin is an S3 bucket using ansible playbook 如果使用 S3 存储桶作为源,AWS CloudFront “源盾”是否重要? - Does AWS CloudFront “origin shield” matter if using S3 bucket as Origin? 没有S3存储桶的AWS Cloudfront CORS标头 - AWS Cloudfront CORS headers without S3 bucket 允许CloudFront使用原始访问身份访问S3存储桶 - Allow CloudFront to access an S3 bucket with an origin access identity 当源是 S3 存储桶时,AWS CloudFront 返回 http 307 - AWS CloudFront returns http 307 when origin is S3 bucket terraform cloudfront 分发源 - 如何更新 s3 存储桶策略 - terraform cloudfront distribution origin - how to update s3 bucket policy 为任何 Cloudfront 源访问身份添加 S3 存储桶策略 - Adding S3 Bucket Policy for any Cloudfront Origin Access Idenity CloudFront,S3,CORS,OPTIONS 方法“缺少允许来源” - CloudFront, S3, CORS, OPTIONS method "Missing Allow Origin" AWS Cloudfront 以 AWS S3 作为来源给出 CORS 错误 - AWS Cloudfront gives a CORS error with AWS S3 as origin 使用 Cloudfront 限制对 S3 存储桶的访问 - Using Cloudfront to restrict access to S3 bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM