使用API从AWS S3获取非公共JavaScript文件
[英]GET a non-public JavaScript file from AWS S3 using their API
问题描述
I am attempting to follow the AWS API for getting a JavaScript file from a private S3 bucket. 
我正在尝试使用AWS API从私有S3存储桶中获取JavaScript文件。 The guide is here: Signing and Authenticating REST Requests 该指南在此处: 签署和验证REST请求
The environment is a browser with jQuery, so this is a JavaScript implementation. 环境是一个带有jQuery的浏览器,所以这是一个JavaScript实现。 I have worked through what I considered to be the hard part - signing the request with the secret key. 我已经完成了我认为很难的部分 - 使用密钥签署请求。 But now I am hung up on something supposedly easy. 但是现在我被挂在了一件容易的东西上。 I have this resulting REST request to transmit: 我有这个结果的REST请求传输:
GET /gss3/sayHello.js HTTP/1.1
Host: gss3.s3.amazonaws.com
Date: Thu Feb 07 2013 08:16:25 GMT-0500 (Eastern Standard Time)
Authorization: AWS AKIAJTURNBE6SXNTVVGQ:eWJOLZnj6Eja3CEC2CyifeURnxg=
Since this is a call to s3.amazonaws.com from www.mydomain.com, I was looking at JSONP to get around the same origin policy. 由于这是来自www.mydomain.com的对s3.amazonaws.com的调用,我正在寻找JSONP来绕过相同的原始政策。 However, I don't see any way to add extra headers to a jQuery JSONP call, and to authenticate with AWS you have to pass that 4th line: 但是,我没有看到任何方法为jQuery JSONP调用添加额外的标头,并且要通过AWS进行身份验证,您必须通过第4行:
Authorization: AWS AKIAJTURNBE6SXNTVVGQ:eWJOLZnj6Eja3CEC2CyifeURnxg=
So my question is this: how the heck do I transmit this REST request to AWS in my browser / jQuery environment? 所以我的问题是:我在浏览器/ jQuery环境中如何将此REST请求传输到AWS? What am I missing here? 我在这里错过了什么? Thanks gang.... 谢谢帮......
2 个解决方案
解决方案1
5 已采纳 2013-02-08 06:06:54
Although this source was written for PHP, the blog Amazon AWS S3 Query String Authentication with PHP shows how to compile a plain old querystring and pass the signature as a parameter to S3. 尽管此源是为PHP编写的,但使用PHP的博客Amazon AWS S3查询字符串身份验证显示了如何编译普通的旧查询字符串并将签名作为参数传递给S3。
$url .= '?AWSAccessKeyId='.$awsKeyId
.'&Expires='.$expires
.'&Signature='.$signature;
Using the crypto-js and converting to Javascript then gives us something like this: 使用crypto-js并转换为Javascript然后给我们这样的东西:
var filePath = "/bucket/file.js";
var dateTime = Math.floor(new Date().getTime() / 1000) + 300; // allows for 5 minutes clock diff
var stringToSign = "GET\n\n\n" + dateTime + "\n" + filePath;
var signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA1(stringToSign, secretAccessKey));
var queryString = "?AWSAccessKeyId=" + accessKeyId + "&Expires=" + dateTime + "&Signature=" + encodeURIComponent(signature);
var script = document.createElement("script");
script.type = "text/javascript";
script.src = "https://s3.amazonaws.com/bucket/file.js" + queryString;
$("head").append(script); // jQuery version
And there you go, almost the whole banana written for you. 你去了,差不多是为你写的整个香蕉。 I hope this helps someone out. 我希望这可以帮助别人。
解决方案2
0 2013-02-07 23:47:03
You can't add headers to a JSON-P call as a JSON-P call is just a dynamic scrip tag appended to your webpage, unless S3 supports passing it as a GET param. 您不能将标头添加到JSON-P调用,因为JSON-P调用只是附加到您的网页的动态脚本标记,除非S3支持将其作为GET参数传递。
If you're using JSON-P then cross-domain issue no longer matter. 如果您使用的是JSON-P,则跨域问题不再重要。 As long as its valid JS it can be pulled in to your webpage from any domain. 只要有效的JS,它就可以从任何域名引入您的网页。 You just need to make sure the S3 file in question has a permission of viewable by anyone. 您只需要确保有问题的S3文件具有任何人都可以查看的权限。
The last way to do it, is enable your S3 bucket with CORS (cross domain ajax) which is a new feature S3 supports. 最后一种方法是使用CORS(跨域ajax)启用S3存储桶,这是S3支持的新功能。 Then you can do vanilla ajax calls cross domain to your s3 bucket and add extra headers to your hearts content. 然后你就可以将vanilla ajax调用跨域调用到你的s3存储桶并为你的内容添加额外的标题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.