Amazon S3 CORS配置XMLHttpRequest GET
[英]Amazon S3 CORS Configuration XMLHttpRequest GET
问题描述
I'm hosting a static website via Amazon S3 and I have some Javascript on there that will make a call to another domain and parse the XML, JSON, or whatever that it gets. 
我通过Amazon S3托管一个静态网站,我在那里有一些Javascript,它将调用另一个域并解析XML,JSON或其他任何东西。
I followed the many posts on stackoverflow and various blog posts it linked to that claimed to get it working but even after following very closely I could never replicate the results. 我跟踪了stackoverflow上的很多帖子以及链接到它的各种博客帖子声称能够使它工作但是即使在非常密切地关注之后我也永远无法复制结果。
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
I even tried adding with and without the following to the rule, 我甚至尝试添加有和没有以下规则,
<AllowedHeader>*</AllowedHeader>
The following link allows you to test if CORS is enabled by sending XMLHttpRequests and it says it is not valid so CORS is not set up or recognized properly. 以下链接允许您通过发送XMLHttpRequests来测试是否启用了CORS,并且它表示它无效,因此未正确设置或识别CORS。
http://client.cors-api.appspot.com/client/ http://client.cors-api.appspot.com/client/
A possible lead is what is suggested in Amazon S3 documentation here, 可能的潜在客户是Amazon S3文档中的建议,
http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETcors.html http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETcors.html
that says we need to set the "s3:GetCORSConfiguration" permission, which I did via a line like... 这说我们需要设置“s3:GetCORSConfiguration”权限,我通过像......这样的行来做
"Action": ["s3:GetObject", "s3:GetCORSConfiguration"], “动作”:[“s3:GetObject”,“s3:GetCORSConfiguration”],
in the "edit bucket policy" section from the AWS control panel but it gives an error and cannot save because it doesn't recognize this action? 在AWS控制面板的“编辑存储桶策略”部分中但是它出错并且无法保存,因为它无法识别此操作?
A potentially similar post on stackexchange here, 这里有一个类似于stackexchange的帖子,
HTTP GET to amazon aws from jquery or XMLHttpRequest fails with Origin is not allowed by Access-Control-Allow-Origin 来自jquery或XMLHttpRequest的HTTP GET到amazon aws失败,Access-Control-Allow-Origin不允许使用Origin
seems to suggest that if I have a website hosted on S3 that it can not configure it to make XMLHttpRequests that are GET to a 3rd party resource? 似乎建议如果我有一个托管在S3上的网站,它无法配置它来制作GET到第三方资源的XMLHttpRequests?
I feel like I'm going in circles...anyone out there have any leads/advice? 我觉得我要去圈子......那里有人有任何线索/建议吗? Thanks. 谢谢。
3 个解决方案
解决方案1
1 2017-09-19 17:52:38
You have to expose the access control headers. 您必须公开访问控制标头。 Try this: 尝试这个:
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<ExposeHeader>Access-Control-Allow-Origin</ExposeHeader>
<ExposeHeader>Access-Control-Allow-Methods</ExposeHeader>
</CORSRule>
解决方案2
0 2014-12-09 18:46:36
There might be some relation here to the example we just worked through on our apps which was related to the https which was a hardcoded configuration on some of our clients machines. 这里可能与我们刚刚在我们的应用程序上进行的示例有一些关系,这些示例与https有关,这是我们的一些客户机器上的硬编码配置。 I don't know exactly what that means but it might be a place to check. 我不知道究竟是什么意思,但它可能是一个值得检查的地方。
instead of http:// try https:// 而不是http://尝试https://
XMLHttpRequest to Amazon S3 fails only on some computers XMLHttpRequest到Amazon S3仅在某些计算机上失败
解决方案3
-1 2013-01-23 18:25:08
I think you are confused or I misread your question. 我觉得你很困惑,或者我误解了你的问题。
You enable CORS on your site so other sites can make requests to your page. 您在站点上启用CORS,以便其他站点可以向您的页面发出请求。
Enabling CORS on your S3 site will allow example.com to talk to your S3 page. 在S3站点上启用CORS将允许example.com与您的S3页面通信。 It does not allow your site to talk to example.com. 它不允许您的网站与example.com交谈。
In order for you to make requests to other domains, they have to enable the privileges. 为了向其他域发出请求,他们必须启用权限。 You can not magically turn it on for their domains. 你不能为他们的域神奇地打开它。 It is like saying that you give permission to yourself to walk into the whitehouse and use the president's bathroom. 就像说你允许自己走进白宫并使用总统的浴室。 When you hop the fence, the secret service will deny that request with force. 当您跳过围栏时,秘密服务将强行拒绝该请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.