从jQuery或XMLHttpRequest到亚马逊AWS的HTTP GET失败,并且Access-Control-Allow-Origin不允许使用Origin
[英]HTTP GET to amazon aws from jquery or XMLHttpRequest fails with Origin is not allowed by Access-Control-Allow-Origin
问题描述
Having some bad luck with getting amazon AWS security token from jQuery or XMLHttpRequest. 
从jQuery或XMLHttpRequest获取亚马逊AWS安全令牌的运气不好。 When I send a HTTP GET from jQuery or XmlHttpRequest, I get "Origin http:// MY_IP is not allowed by Access-Control-Allow-Origin.", but if I paste the same URL in my browser, it all goes fine. 当我从jQuery或XmlHttpRequest发送HTTP GET时,出现“ Access-Control-Allow-Origin不允许使用原始http:// MY_IP。”,但如果将相同的URL粘贴到浏览器中,则一切正常。
My code: 我的代码:
var url_ = "https://sts.amazonaws.com/?Action=GetSessionToken" +
"&DurationSeconds=3600" +
"&AWSAccessKeyId=" + AccessKeyId +
"&Version=2011-06-15" +
"&Timestamp=" + encode(timestamp) +
"&Signature=" + encode(hash) +
"&SignatureVersion=2&SignatureMethod=HmacSHA256";
$.get(url_, function(data) {
alert("response: "+data);
});
My Headers: 我的标题:
Response Headers 响应标题
Accept-Ranges bytes 接受范围字节
Age 198 年龄198
Connection Keep-Alive 连接保持活动
Content-Length 3739 内容长度3739
Content-Type text/html 内容类型text / html
Date Mon, 25 Jun 2012 17:48:20 GMT 日期,2012年6月25日,星期一17:48:20 GMT
Etag "48c4862-e9b-4c34f76b13400" Etag“ 48c4862-e9b-4c34f76b13400”
Last-Modified Mon, 25 Jun 2012 17:39:28 GMT 上次修改时间,2012年6月25日星期一17:39:28 GMT
Proxy-Connection Keep-Alive 代理连接保持活动
Server Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8r DAV/2 PHP/5.3.10 with Suhosin-Patch 具有Suhosin-Patch的服务器Apache / 2.2.21(Unix)mod_ssl / 2.2.21 OpenSSL / 0.9.8r DAV / 2 PHP / 5.3.10
Request Headers 请求标题
Accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8 接受text / html,application / xhtml + xml,application / xml; q = 0.9, / ; q = 0.8
Accept-Encoding gzip, deflate 接受编码gzip,放气
Accept-Language en-us,en;q=0.5 接受语言en-us,en; q = 0.5
DNT 1 DNT 1
Host MY_IP 主机MY_IP
If-Modified-Since Mon, 25 Jun 2012 17:13:16 GMT 如果修改时间自2012年6月25日星期一17:13:16 GMT
If-None-Match "48c127c-ea2-4c34f18fe6300" 如果不匹配,则为“ 48c127c-ea2-4c34f18fe6300”
Proxy-Connection keep-alive 代理连接保持活动
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0 用户代理Mozilla / 5.0(Macintosh; Intel Mac OS X 10.7; rv:12.0)Gecko / 20100101 Firefox / 12.0
Browser headers (if used URL in browser) 浏览器标题(如果在浏览器中使用URL)
Response Headers 响应标题
Content-Length 808 内容长度808
Content-Type text/xml 内容类型text / xml
Date Mon, 25 Jun 2012 17:31:54 GMT 日期,2012年6月25日,星期一17:31:54 GMT
x-amzn-RequestId a854ff13-beeb-11e1-b3ac-0147da731d96 x-amzn-RequestId a854ff13-beeb-11e1-b3ac-0147da731d96
Request Headers 请求标题
Accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8 接受text / html,application / xhtml + xml,application / xml; q = 0.9, / ; q = 0.8
Accept-Encoding gzip, deflate 接受编码gzip,放气
Accept-Language en-us,en;q=0.5 接受语言en-us,en; q = 0.5
Connection keep-alive 连接保持活动
DNT 1 DNT 1
Host sts.amazonaws.com 主机sts.amazonaws.com
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0 用户代理Mozilla / 5.0(Macintosh; Intel Mac OS X 10.7; rv:12.0)Gecko / 20100101 Firefox / 12.0
I tried some code from http://www.html5rocks.com/en/tutorials/cors/ , but no luck 我尝试了一些来自http://www.html5rocks.com/zh-CN/tutorials/cors/的代码,但没有运气
Any help is appreciated 任何帮助表示赞赏
1 个解决方案
解决方案1
1 2012-08-26 00:03:27
You asked that question a while ago, you might already have found your answer, but in case someone else is looking for the answer to this question, here it is: 您之前曾问过这个问题,您可能已经找到了答案,但是如果有人在寻找该问题的答案,这里是:
Access-Control-Allow-Origin is a security feature of XMLHttpRequest when doing a request that is outside of the domain of the web page running the javascript. 当执行运行JavaScript的网页域之外的请求时,Access-Control-Allow-Origin是XMLHttpRequest的安全功能。
For example, a web page http://foo.com/index.html is doing a XMLHttpRequest request for http://bar.com/query?a=b , the server at bar.com must put Access-Control-Allow-Origin in the response headers to specify that cross domain requests are permitted. 例如,网页http://foo.com/index.html对http://bar.com/query?a=b发出XMLHttpRequest请求,bar.com上的服务器必须将Access-Control-Allow -在响应标头中指定允许跨域请求。
Amazon AWS, unfortunately, does not provide Access-Control-Allow-Origin in the response headers, so that means that you can't access it using this technique. 不幸的是,Amazon AWS在响应头中未提供Access-Control-Allow-Origin,因此这意味着您无法使用此技术对其进行访问。
The only technique that works with AWS is using flash to proxy the XMLHttpRequest, but this only works on devices that have flash installed (no iphone or ipads). 适用于AWS的唯一技术是使用Flash代理XMLHttpRequest,但这仅适用于已安装Flash的设备(没有iPhone或iPad)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.